reminder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The script uses child_process.spawn to execute a local worker script for background reminder scheduling.
      • Evidence: Line 153 in create-reminder.js uses spawn with the current process path and a local script path.
      • Context: This is the primary intended functionality of the skill. The script uses an arguments array for spawning, which is a safe practice that prevents shell injection.
  • [DATA_EXPOSURE] (SAFE): The script writes reminder data and logs to the user's home directory.
      • Evidence: Uses path.join(os.homedir(), '.cccore-reminders', ...) to define storage paths.
      • Context: Storing application-specific state in the home directory is standard behavior for command-line tools.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted text for reminder titles and messages which are stored and passed to other processes.
      • Ingestion points: CLI arguments --title and --message in create-reminder.js.
      • Boundary markers: Absent.
      • Capability inventory: File writing via fs.writeFileSync and process spawning via spawn.
      • Sanitization: Input content is stored and passed to the worker without filtering, though spawn prevents these inputs from being interpreted as commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:01 PM