psi
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill includes Node.js scripts to calculate storage paths and directs the agent to execute standard CI verification commands (tests, linting). These operations are confined to the local repository environment.
- [DATA_EXPOSURE & EXFILTRATION] (SAFE): The skill stores state data in a dedicated local directory (~/.dot-agent/). It does not attempt to access sensitive system files (e.g., SSH keys, cloud credentials) or communicate with external domains.
- [INDIRECT PROMPT INJECTION] (LOW): The skill ingests data from local research files into the agent context. Evidence Chain: 1. Ingestion point: ~/.dot-agent/working-dir/repo/*.research.md; 2. Boundary markers: Absent; 3. Capability inventory: Local command execution and file writing; 4. Sanitization: Absent. The surface is present but localized to the tool's intended data flow.