research-gather
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The skill explicitly instructs the agent to read from a private vault (`~/src/eterne/vault/`) containing sensitive biographical data.
  - Evidence: Documentation states the vault includes names, health history, location, and family/relationship context.
  - Risk: If the agent is compromised via indirect injection, this highly sensitive data could be exfiltrated.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses shell commands for research gathering.
  - Evidence: Uses `git log` and `gh pr list` with user-supplied or data-derived keywords.
  - Risk: Potential for command injection if keywords are not properly sanitized before being passed to the shell.
- [PROMPT_INJECTION] (HIGH): High risk of Indirect Prompt Injection (Category 8) due to the processing of external content.
  - Ingestion Points: GitHub PRs, issues, commits, session transcripts, and external web searches.
  - Capability Inventory: File system write access (`pipeline/active/`) and command execution (`git`, `gh`).
  - Boundary Markers: Absent. There are no instructions to ignore embedded commands in the source material.
  - Sanitization: Absent. The skill extracts code and excerpts directly into the research documents.
- [CREDENTIALS_UNSAFE] (LOW): While not hardcoding API keys, it relies on the presence of pre-authenticated environments for `gh` and `git`, which could be abused if the agent is misled.
Recommendations
- AI detected serious security threats
Audit Metadata