talk-to

Warn

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute 'maw hey' commands which incorporate user-supplied variables like {agent} and {preview}. This presents a risk of command injection if the input contains shell metacharacters such as semicolons or backticks.
  • [PROMPT_INJECTION]: The 'Mode 4: loop' feature implements an autonomous conversation that processes responses from external agents without user intervention. Ingestion points: arra_thread_read() in SKILL.md. Boundary markers: Absent. Capability inventory: Bash (command execution), arra_thread (writing to threads). Sanitization: Absent.
  • [PROMPT_INJECTION]: The skill instructions suppress human-in-the-loop confirmation by telling the agent to 'post immediately' and 'do NOT ask the user what to say', increasing the potential impact of adversarial instructions or indirect prompt injections.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 11, 2026, 02:11 PM