koko
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides specific commands for managing the Elixir project, including mix run, mix test, and mix format, allowing the agent to execute code and modify the local environment.
- [REMOTE_CODE_EXECUTION]: The skill includes instructions to execute arbitrary shell commands on a remote host (panda) using SSH: ssh joel@panda "cd ~/Code/joelhooks/koko && mix run --no-halt".
- [EXTERNAL_DOWNLOADS]: The skill uses the mix deps.get command to fetch and install external project dependencies from the Hex package registry.
- [PROMPT_INJECTION]: The skill is designed to process data from a Redis channel (joelclaw:gateway:events), creating a vulnerability surface for indirect prompt injection where malicious event payloads could influence agent behavior.
  - Ingestion points: The skill subscribes to and processes data from the joelclaw:gateway:events Redis channel as described in SKILL.md.
  - Boundary markers: No delimiters or instructions to ignore embedded instructions within the processed event data are present.
  - Capability inventory: The skill has access to the filesystem (~/Code/joelhooks/koko), can execute system commands via mix, and possesses remote execution capabilities via SSH.
  - Sanitization: The skill does not describe any validation or sanitization mechanisms for the data received from the Redis stream.