awaken
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard shell commands to set up the project environment, including directory creation (
mkdir), file generation (cat), and repository management (git init). - [EXTERNAL_DOWNLOADS]: During the 'Soul Sync' phase, the skill fetches philosophy guidelines and project context from the author's official GitHub repositories.
- [DATA_EXFILTRATION]: The skill offers an optional feature to post a birth announcement to the vendor's community registry on GitHub using the
ghCLI. This is a functional, user-authorized feature for identity registration. - [PROMPT_INJECTION]: The skill ingests data from local repository files to automate the identity setup process.
- Ingestion points: Phase 1 reads metadata from
package.jsonandREADME.mdto auto-fill the Oracle identity. - Boundary markers: None; data is extracted using
grepandheadutility commands. - Capability inventory: The skill has access to file system modification, Git operations, and the GitHub CLI for network communication.
- Sanitization: The skill features a mandatory 'Security Check' in Phase 4 and 5 that specifically scans for and removes sensitive information (tokens, API keys, private keys) before any files are committed or transmitted.
Audit Metadata