Realm
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The `serve.py` script executes local `git` commands (`git log`, `git status`) to gather activity data. These executions use hardcoded command lists and are performed through safe subprocess calls without shell expansion, preventing command injection.
- [EXTERNAL_DOWNLOADS]: The visualization templates (`templates/realm-game.html`, `templates/realm-map.html`) download the Phaser game engine and typography from well-known technology providers (jsDelivr CDN and Google Fonts). These are documented as standard dependencies for the skill's visualization functionality.
- [DATA_EXFILTRATION]: In live server mode, the skill starts an HTTP server that binds to all available network interfaces (`''`) by default on port 8765. This facilitates local network access to the visualization dashboard, which displays processed ecosystem data such as agent names and task summaries.
- [PROMPT_INJECTION]: As the skill ingests untrusted data from git commit messages and agent journals for rendering in a browser-based dashboard, it includes a surface for indirect injection. The implementation mitigates this by applying HTML escaping to dynamic content before rendering in the UI.
Audit Metadata