Skills
skills/princejoogie/dotfiles/overseer/Gen Agent Trust Hub

overseer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted text data to manage work state.
  • Ingestion points: Data enters the agent's context through tasks.get(), tasks.nextReady(), and tasks.search() (as documented in references/api.md), which retrieve task descriptions and contexts from a local SQLite database or file system.
  • Boundary markers: The skill documentation and examples (e.g., references/workflow.md) do not include explicit boundary markers or instructions to the agent to disregard instructions embedded within the task.context.own or task.context.parent fields.
  • Capability inventory: The skill provides the agent with capabilities to modify the local filesystem (via .overseer/tasks/ path mentioned in references/examples.md) and perform Version Control System (VCS) operations like creating bookmarks and committing changes through tasks.start() and tasks.complete().
  • Sanitization: There is no evidence of sanitization or validation of the content stored in task fields before it is presented to the agent for processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:37 PM