Skills
skills/perkfly/ex-skill/create-ex/Gen Agent Trust Hub

create-ex

Fail

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Accesses the macOS iMessage database located at ~/Library/Messages/chat.db. This file contains sensitive, private communication history.
  • Evidence: The script tools/imessage_parser.py identifies and attempts to read from the local chat.db path using the sqlite3 module.
  • Evidence: SKILL.md provides instructions for the agent to execute this script to ingest message data.
  • [COMMAND_EXECUTION]: Utilizes the Bash tool to execute local Python scripts that parse sensitive user files.
  • Evidence: SKILL.md directs the agent to run python3 scripts for parsing WeChat, iMessage, SMS, and photo metadata.
  • [PROMPT_INJECTION]: Ingests untrusted external data (chat logs, social media exports) to generate AI prompts, creating an indirect prompt injection surface.
  • Ingestion points: tools/*.py scripts read external files into the agent's context.
  • Boundary markers: Absent; the system prompts do not use delimiters or instructions to ignore embedded commands in the source data.
  • Capability inventory: The skill has access to Bash, Write, Edit, and Read tools.
  • Sanitization: No sanitization or validation of the content of the logs is performed before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 4, 2026, 11:44 AM