process-hunter
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The SKILL.md file contains instructions that attempt to override standard safety protocols by directing the agent to 'BONK NOW' (terminate) processes without asking for human confirmation. This 'auto-kill' logic bypasses the safety guideline that destructive actions should be human-verified.
- [COMMAND_EXECUTION] (LOW): The skill provides tools (scripts/terminate_process.py) to terminate arbitrary processes by PID using SIGTERM and SIGKILL. While it includes a list of 'Sacred' system processes to ignore, the classification logic in scripts/hunt_processes.py is based on simple regex patterns that can lead to false positives or the termination of critical development tools.
- [PROMPT_INJECTION] (LOW): Potential Indirect Prompt Injection surface identified.
  1. Ingestion points: scripts/hunt_processes.py reads untrusted command-line arguments from all running processes via 'ps'.
  2. Boundary markers: None; the command strings are displayed directly in the agent's report.
  3. Capability inventory: The agent has the ability to kill processes and run shell commands.
  4. Sanitization: None; the skill does not sanitize or escape process metadata before presenting it to the agent, potentially allowing a malicious process to influence the agent via its command-line string.
- [DATA_EXPOSURE] (SAFE): No evidence of hardcoded credentials or attempts to exfiltrate sensitive files. The skill primarily interacts with process metadata.