charmkeeper-unit-tests

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION] (LOW): The skill mounts the host's current working directory into the Multipass VM via multipass mount in SKILL.md. This exposes all files in the directory to the guest VM environment.
  • [COMMAND_EXECUTION] (LOW): The skill triggers the execution of tox within the VM via multipass exec in SKILL.md. This runs arbitrary commands defined in the repository's configuration files.
  • [EXTERNAL_DOWNLOADS] (LOW): The script scripts/create-charmkeeper-vm.sh installs astral-uv and tox from external sources. These are standard developer tools but are fetched at runtime.
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection vulnerability surface detected.
      1. Ingestion points: SKILL.md (mounts $PWD into the guest VM).
      2. Boundary markers: Absent.
      3. Capability inventory: SKILL.md contains multipass exec and tox which allow arbitrary code execution within the isolated VM.
      4. Sanitization: Absent. Repository contents are treated as trusted.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 10:08 PM