halo-moderation-notifications
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interfaces with the halo CLI to perform administrative tasks like listing, approving, and deleting comments and notifications. This is the primary function of the skill and uses vendor-provided tools from halo-dev.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it handles untrusted user input.
- Ingestion points: Data from comments and notifications is retrieved from the Halo instance through
halo comment list,halo comment get, andhalo notification list. - Boundary markers: The skill does not define boundary markers or provide instructions for the agent to ignore embedded commands within the retrieved text.
- Capability inventory: The agent has the capability to delete comments, delete notifications, and create replies based on the fetched content.
- Sanitization: There is no evidence of sanitization or validation of the retrieved content before it is processed by the agent.
Audit Metadata