signal
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the signal-cli binary from its official GitHub repository (github.com/AsamK/signal-cli). This is a well-known service and repository for the tool's intended use.\n- [COMMAND_EXECUTION]: Installation steps involve shell commands to extract archives, set executable permissions, and update shell profiles (~/.bashrc or ~/.zshrc) to include the binary in the system PATH. These are standard configuration procedures for the required dependency.\n- [PROMPT_INJECTION]: The skill identifies a potential indirect prompt injection surface through incoming Signal messages and provides explicit logic for the agent to mitigate these risks. It requires out-of-band direct message confirmation for destructive or sensitive actions requested in multi-participant contexts.\n
- Ingestion points: Signal messages and reactions processed by the agent (SKILL.md).\n
- Boundary markers: Explicit differentiation between the instance 'owner' (defined in configuration) and other participants; instructions to ignore non-owner destructive requests.\n
- Capability inventory: Sending messages and reactions via the message action, and potentially performing destructive actions (e.g., file deletion) if approved by the owner.\n
- Sanitization: Human-in-the-loop requirement where the agent must solicit explicit confirmation via a private channel before proceeding with sensitive tasks requested in a group.
Audit Metadata