revenue-acceleration
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill contains a hardcoded absolute file path
/Users/tmkipper/Desktop/tk_projectswhich exposes the local system username 'tmkipper' and directory structure to the agent. - [Command Execution] (LOW): A bash script is provided in the documentation to automate opening terminal instances for multiple projects. While used for productivity, it establishes a pattern of the agent interacting with the local shell to execute commands.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process project names into various templates (demo scripts, battle cards) without defined security boundaries or sanitization. 1. Ingestion points: Project names and ACV targets in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Shell command execution (bash block). 4. Sanitization: None detected.
Audit Metadata