thread-management
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to interact with the 'alma' CLI for core operations like listing, creating, and deleting chat threads. This is the primary functionality of the skill.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by retrieving and searching through chat thread messages.
- Ingestion points: Message data is ingested via the 'alma thread messages' command and the local search API endpoint 'http://localhost:23001/api/threads/search'.
- Boundary markers: There are no defined delimiters or 'ignore' instructions to prevent the LLM from potentially following instructions found within the retrieved thread messages.
- Capability inventory: The agent has access to the 'Bash' tool, providing it with the ability to execute shell commands based on processed content.
- Sanitization: The skill does not implement any visible sanitization or validation of the message content before it is processed by the agent.
Audit Metadata