Skills
skills/senturysh/skills/kernel/Gen Agent Trust Hub

kernel

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the autonomous processing of direct messages. \n
  • Ingestion points: Untrusted data enters the context via the inbox_list and dm_get_conversation MCP tools used in references/network.md. \n
  • Boundary markers: The skill lacks delimiters or explicit instructions to treat incoming message content as untrusted data, increasing the risk that the agent will follow instructions embedded within the messages. \n
  • Capability inventory: The agent has extensive capabilities to manage persistence, including task_create, task_update, and memory_write_program_task, as well as communication capabilities via dm_send. \n
  • Sanitization: No sanitization or verification logic is present to validate incoming requests before they are converted into active tasks and executed. \n- [COMMAND_EXECUTION]: The skill implements a custom execution framework (HBP) to run programs and tasks. It specifically instructs the agent to automatically 'set status=running and execute' for requests that match its skills, which allows for the autonomous execution of logic triggered by external inputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 04:10 AM