there-there
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the 'there-there-cli' from the vendor's official package repository using 'composer global require spatie/there-there-cli'.
- [CREDENTIALS_UNSAFE]: Documentation in 'references/commands.md' reveals the storage path of API tokens in the local configuration file at '~/.there-there/config.json'.
- [DATA_EXFILTRATION]: The instructions include a shell command pattern that reads a sensitive token from a configuration file and uses it in a 'curl' request to download attachments. This is documented for accessing legitimate service images but follows a data exfiltration pattern.
- [PROMPT_INJECTION]: The skill processes untrusted customer content (ticket subjects and HTML messages) which acts as a surface for indirect prompt injection.
- Ingestion points: Commands such as 'show-ticket' and 'list-tickets' ingest data from helpdesk customers into the agent context (SKILL.md, references/commands.md).
- Boundary markers: No specific delimiters or safety instructions are used to isolate untrusted ticket content.
- Capability inventory: The skill allows for replying to tickets, forwarding content, and modifying ticket statuses or assignments.
- Sanitization: There are no instructions for sanitizing or escaping the HTML content before it is processed by the agent.
Audit Metadata