customize
Warn
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to build the project and manage background services.
- Evidence: Commands like 'pnpm run build', 'launchctl load', and 'systemctl --user restart' are used to apply and persist changes.
- [REMOTE_CODE_EXECUTION]: The skill implements a self-modification workflow where source code is generated or modified based on user input and subsequently executed after compilation.
- Evidence: The 'Implement' step explicitly directs the agent to 'Make changes directly to the code' in critical files like 'src/index.ts' and 'src/channels/*.ts'.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted user instructions into the system's core logic and persona configuration.
- Ingestion points: User requests for customization collected during the interactive question-and-answer flow.
- Boundary markers: Absent; the instructions do not provide delimiters or warnings to ignore embedded instructions in user requests.
- Capability inventory: High; the agent can write to any file in the 'src/' or 'groups/' directory and execute shell commands to restart the service with the new code.
- Sanitization: Absent; the workflow relies on the agent's interpretation of user requests without validation or sanitization of the resulting code changes.
Audit Metadata