knowledge-manager
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (HIGH): Accesses sensitive local files in ~/Library/Mobile Documents/com~apple~CloudDocs/Geoffrey/knowledge/, including identity cores, personality assessments, and financial status containing point balances and partial card numbers.
- [COMMAND_EXECUTION] (MEDIUM): Executes shell commands (cat) and local scripts via bun to manage JSON data.
- [PROMPT_INJECTION] (HIGH): High risk of indirect prompt injection via the benefit scraping workflow. Ingestion points: external financial domains (chase.com, marriott.com, alaskaair.com, amex.com) as specified in SKILL.md. Boundary markers: absent. Capability inventory: Bash, Write, Read, Browser-control. Sanitization: none specified. Malicious content or instructions on scraped pages could hijack the agent's context to exfiltrate identity or financial data using the agent's file system permissions.
Recommendations
- AI detected serious security threats
Audit Metadata