fix-life-in-1-day
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on local shell scripts (scripts/handler.sh) to process state and user responses. The execution pattern 'bash scripts/handler.sh save "USER_RESPONSE" $WORKSPACE' indicates that raw user input is passed as a command-line argument, which could lead to shell injection if the script does not correctly escape or quote the input.
- [PROMPT_INJECTION]: The skill stores user responses in markdown files (session-NN.md) and later aggregates them into a final-document.md or insights.md. This creates a surface for indirect prompt injection if the stored content is subsequently read back into the LLM context without boundary markers or 'ignore' instructions.
- Ingestion points: User input enters through the save command via handler.sh and is stored in $WORKSPACE/memory/life-architect/.
- Boundary markers: No specific delimiters or safety instructions regarding external content are visible in the command structure.
- Capability inventory: The skill can execute local bash scripts, write to the filesystem, and use jq for JSON processing.
- Sanitization: There is no evidence of sanitization or validation of the USER_RESPONSE before it is passed to the shell or written to files.
Audit Metadata