secondme
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses python3 -c and openssl to perform configuration management, telemetry logging, and PKCE security parameter generation. These operations are restricted to the vendor's local configuration directory (~/.secondme/).
- [EXTERNAL_DOWNLOADS]: The skill fetches third-party skill bundles (metadata and prompt files) and performs self-updates from the vendor's infrastructure at app.mindos.com and second-me.cn. These are identified as legitimate vendor-owned resources for the skill's core catalog and update functionality.
- [PROMPT_INJECTION]: The skill processes untrusted external data, creating a surface for indirect prompt injection.
  - Ingestion points: Data enters the context through the Plaza social feed (references/plaza.md) and third-party app catalog metadata (references/third-party-skills.md).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when processing this remote content.
  - Capability inventory: The skill can execute shell commands (curl, python3) and perform filesystem writes.
  - Sanitization: No explicit sanitization or validation of the remote data is documented before it is ingested into the agent context.
Audit Metadata