skills/posva/erudita/unknown-patterns/Gen Agent Trust Hub

unknown-patterns

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The command erudita install fetches data from an unverified registry, which is a potential vector for supply chain attacks.
  • COMMAND_EXECUTION (LOW): The skill invokes third-party binaries erudita and osgrep. Executing unverified local tools is a risk factor.
  • PROMPT_INJECTION (LOW): Potential for indirect prompt injection via data ingestion.
      1. Ingestion points: erudita install downloads external content to the .erudita directory.
      2. Boundary markers: Absent; no delimiters are used to wrap ingested content.
      3. Capability inventory: osgrep searches through and potentially displays the downloaded content.
      4. Sanitization: None provided; the skill does not filter or sanitize documentation content before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:39 PM