sokosumi
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its processing of external data.
  * Ingestion points: Untrusted data enters the agent context from user-provided "task briefs," "task goals," and "result text" from job outputs (referenced in SKILL.md).
  * Boundary markers: The instructions do not specify the use of delimiters or "ignore instructions" warnings when interpolating this data into the agent's workflow.
  * Capability inventory: The skill has the capability to perform network requests (fetch, createAgentJob), read environment variables, and access local filesystem configuration files.
  * Sanitization: There are no explicit instructions for sanitizing or validating external content before it is processed by the agent.
- [DATA_EXFILTRATION]: The skill instructs the agent to read sensitive configuration and credential files located at ~/.sokosumi/credentials.json and ~/.sokosumi/config.json to facilitate authentication with the vendor's API. This represents a data exposure surface if the agent context is mismanaged.
Audit Metadata