b0
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the Box0 platform by downloading the '@box0/cli' package from npm and cloning the 'box0' repository from the vendor's GitHub account (risingwavelabs/box0). It also adds the b0 skill itself using 'npx skills add risingwavelabs/skills'. These resources are provided by the official vendor.\n- [COMMAND_EXECUTION]: The skill uses the 'b0' CLI tool to manage agents, check connection status, and delegate tasks. It utilizes 'b0 cron' for persistence and task scheduling. System tools like 'npm', 'git', and 'cargo' are also used for platform setup.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.\n
- Ingestion points: Data from external sources like 'git diff' and local file contents are intended to be piped directly into delegation prompts via 'b0 delegate'.\n
- Boundary markers: No explicit delimiters or instructions to disregard embedded commands are present in the task templates.\n
- Capability inventory: The agents can execute shell commands via the 'Bash' tool, providing significant capability for potential abuse.\n
- Sanitization: The skill does not implement sanitization or validation of the external content before interpolating it into agent instructions.
Audit Metadata