customize
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill enables self-modification and persistence management: it directs the agent to edit its own TypeScript source files and then to rebuild and restart itself with "npm run build", "launchctl" and "systemctl". A code change made through this path survives restarts, so it is effectively permanent.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface because untrusted user input drives permanent changes to the agent's code, with no step that separates the user's instructions from the edits and commands they produce.
  - Ingestion points: customization requests supplied in natural language (SKILL.md).
  - Boundary markers: none; SKILL.md contains no instructions to sanitize or isolate user-driven code changes.
  - Capability inventory: file-write access to the "src/" and "groups/" directories, plus shell execution for the build and restart steps (SKILL.md).
  - Sanitization: none.
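The two controls this audit reports as missing, isolation of user-driven writes to the inventoried directories and an allowlist for the build and restart commands, can be expressed as a small gate that vets a proposed change before anything touches disk or a shell. The following is an added example, not code from the audited skill or from Gen Agent Trust Hub; the repository root, the systemd unit name and the launchd service target are hypothetical placeholders, and the two customization plans are constructed inputs.

```typescript
import * as path from "node:path";

/** Hypothetical checkout the skill operates in; used only as a resolution anchor. */
export const REPO_ROOT = "/srv/agent";

/** Directories the audit's capability inventory says the skill may write to. */
export const ALLOWED_WRITE_ROOTS = ["src", "groups"] as const;

/**
 * Exact argv vectors the skill may execute. Service names below are
 * hypothetical; substitute the real unit label of the deployment.
 */
export const ALLOWED_COMMANDS: ReadonlyArray<ReadonlyArray<string>> = [
  ["npm", "run", "build"],
  ["systemctl", "--user", "restart", "agent.service"],
  ["launchctl", "kickstart", "-k", "gui/501/com.example.agent"],
];

/**
 * True only if `requested` resolves to a path strictly inside one of the
 * allowed roots under REPO_ROOT. This is a lexical check: a caller must also
 * fs.realpath() the parent directory so a symlink planted inside src/ cannot
 * redirect the write elsewhere.
 */
export function isWriteAllowed(requested: string): boolean {
  const target = path.resolve(REPO_ROOT, requested);
  for (const root of ALLOWED_WRITE_ROOTS) {
    const rootAbs = path.resolve(REPO_ROOT, root);
    const rel = path.relative(rootAbs, target);
    const escapes = rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
    // rel === "" means the root directory itself, which is not a writable file.
    if (rel !== "" && !escapes) {
      return true;
    }
  }
  return false;
}

/** Exact-match allowlist: no extra arguments, no shell wrappers. */
export function isCommandAllowed(argv: ReadonlyArray<string>): boolean {
  return ALLOWED_COMMANDS.some(
    (allowed) => allowed.length === argv.length && allowed.every((a, i) => a === argv[i]),
  );
}

/** A customization plan: the structured edits and commands derived from a user request. */
export interface Plan {
  writes: string[];
  commands: string[][];
}

export interface Verdict {
  allowed: boolean;
  reasons: string[];
}

/** Vets every write and command in a plan; the plan runs only if reasons is empty. */
export function vetPlan(plan: Plan): Verdict {
  const reasons: string[] = [];
  for (const w of plan.writes) {
    if (!isWriteAllowed(w)) reasons.push(`write outside allowed roots: ${w}`);
  }
  for (const c of plan.commands) {
    if (!isCommandAllowed(c)) reasons.push(`command not allowlisted: ${c.join(" ")}`);
  }
  return { allowed: reasons.length === 0, reasons };
}

// Constructed inputs: a benign customization and one carrying injected instructions.
export const LEGITIMATE_PLAN: Plan = {
  writes: ["src/tools/greet.ts", "groups/ops/config.json"],
  commands: [["npm", "run", "build"], ["systemctl", "--user", "restart", "agent.service"]],
};

export const INJECTED_PLAN: Plan = {
  writes: ["src/tools/greet.ts", "../../.ssh/authorized_keys"],
  commands: [["npm", "run", "build"], ["sh", "-c", "echo owned"]],
};
```

The gate deliberately works on a structured plan rather than on the user's prose: the natural-language request is the ingestion point, so the text itself is never interpolated into a path or a shell string, and anything the model derives from it must still pass the same two checks.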
Audit Metadata