process-monitor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill uses
subprocess.runwith a list of arguments rather than a raw shell string to execute the systempscommand. This prevents shell injection vulnerabilities. - DATA_EXPOSURE (SAFE): The script reads from standard Linux system files (
/proc/loadavg,/proc/meminfo,/proc/uptime) to collect performance data. It does not access sensitive user directories, credentials, or private configuration files. - REMOTE_CODE_EXECUTION (SAFE): There are no patterns of remote code downloading or execution. All logic is contained within the local Python script and uses standard library modules.
- PROMPT_INJECTION (SAFE): No malicious instructions, overrides, or behavioral bypass attempts were found in the
SKILL.mdor metadata fields. - INDIRECT_PROMPT_INJECTION (LOW): While the skill ingests process names which could theoretically contain malicious text from an attacker-controlled process, the script parses this data into a structured JSON format, providing clear boundaries for an LLM to distinguish between data and instructions.
Audit Metadata