system-info
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONNO_CODEPROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies] (MEDIUM): The skill instructs the user to install the
psutillibrary without version pinning. Installing unversioned packages from external registries introduces a supply chain risk as the dependency is not from a trusted source organization. - [Indirect Prompt Injection] (LOW): The
process_list.pytool creates a vulnerability surface by ingesting external data (process names and arguments) into the agent context. (1) Ingestion points: Process command lines viaprocess_list.py. (2) Boundary markers: Absent. (3) Capability inventory: Local script execution. (4) Sanitization: Absent. - [Data Exposure] (LOW): The process monitoring functionality can expose sensitive data, such as credentials or API keys passed as command-line arguments to running processes.
- [No Code Provided] (INFO): The four Python scripts mentioned in the documentation are not included in the provided skill file, which prevents a full audit of their implementation and security behavior.
Audit Metadata