explore-agents
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a high-level interface for the Octave platform, facilitating the management and execution of AI agents without introducing security vulnerabilities.
- [DATA_EXFILTRATION]: The skill processes user-provided inputs such as email addresses, names, and company domains. This data is passed to the author's (octavehq) designated MCP tools for the purpose of executing outreach workflows, which is consistent with the intended functionality.
- [COMMAND_EXECUTION]: All actions are performed through specialized MCP tools like
run_email_agentandlist_agents. No raw shell command execution, subprocess spawning, or unauthorized system access was found. - [PROMPT_INJECTION]: The skill accepts user-defined context through the
--contextflag. While this data is used to influence AI-generated output, it is passed as a structured parameter to the underlying tools rather than being interpolated into system instructions, minimizing the risk of prompt-based attacks.
Audit Metadata