booth-compact-recovery
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a signal pattern (
/booth-compact-recovery) used to redefine the agent's persona and override existing operational constraints. - [COMMAND_EXECUTION]: Automated recovery logic triggers the execution of CLI tools including
boothandgitwhen the recovery signal is processed. - [DATA_EXFILTRATION]: The skill directs the agent to read and delete files using paths provided within the recovery signal (
Read <path> first). This establishes a vulnerability surface for indirect prompt injection. Ingestion point: Signal format in SKILL.md. Capabilities: File read, file deletion, and shell command execution. Boundary markers: Absent. Sanitization: Absent.
Audit Metadata