release-publish
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill mandates the execution of `compose-agentsmd` at the start of every session to refresh agent rules and provides instructions for using `sudo` directly when elevated privileges are necessary for system-level operations.
- [EXTERNAL_DOWNLOADS]: The agent is directed to install several NPM packages globally, including `compose-agentsmd`, `@metyatech/task-tracker`, and `@metyatech/thread-inbox`, to manage tasks and rules within the local environment.
- [REMOTE_CODE_EXECUTION]: The skill dynamically populates its operational rules (`AGENTS.md`) by fetching content from the `metyatech/agent-rules` repository on GitHub.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface; it ingests untrusted data from repository files like CHANGELOG.md and metadata (ingestion points) without explicit boundary markers or sanitization, while maintaining high-impact capabilities (capability inventory) such as `npm publish`, `git push`, and `sudo` execution.
Audit Metadata