substrate
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data that could contain malicious instructions.
  - Ingestion points: Incoming messages and subjects accessed via `substrate inbox` and `substrate read` in SKILL.md.
  - Boundary markers: There are no specified delimiters or instructions to treat incoming mail content as non-executable data.
  - Capability inventory: The agent can send messages, manage identities, and handle plan approvals using the `substrate` CLI tool.
  - Sanitization: No sanitization or content validation is mentioned for incoming messages.
- [COMMAND_EXECUTION]: The skill uses the vendor's `substrate` CLI tool to manage mail, identities, and plans. It uses lifecycle hooks to implement a persistent agent pattern, specifically using the `Stop` hook to block process exit for 55 seconds and the `ExitPlanMode` hook to block for up to 9 minutes during plan reviews.
Audit Metadata