contacts
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Python3 one-liners to perform regex-based searches on local EDN database files (egghead-2026-01-19-13-09-38.edn) and uses curl to interact with a local Inngest event bus and the Slack API.
- [EXTERNAL_DOWNLOADS]: Fetches user profile data from the Slack API (slack.com) and references data retrieval from external platforms like GitHub and X (Twitter) via the enrichment pipeline.
- [PROMPT_INJECTION]: The contact enrichment process represents an indirect prompt injection surface as it aggregates data from multiple untrusted sources.
- Ingestion points: Processes data from the file SKILL.md, local files in ~/Vault/Contacts/ and ~/Code/joelhooks/egghead-roam-research/, and external API responses from Slack, GitHub, and Web searches.
- Boundary markers: The skill does not define explicit delimiters or instructions to prevent the AI from following commands embedded in the ingested contact data.
- Capability inventory: The skill allows for local Python command execution, network requests via curl, and writing files to the local filesystem.
- Sanitization: No explicit sanitization, filtering, or validation of the external content is documented before it is passed to the LLM for synthesis.
Audit Metadata