Aphorisms

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the FindAphorism workflow.
      • Ingestion points: The skill uses the WebFetch tool to retrieve content from arbitrary user-provided URLs for thematic analysis in Workflows/FindAphorism.md.
      • Boundary markers: No explicit delimiters or safety instructions are defined to ensure the agent ignores potential commands embedded within the fetched external content.
      • Capability inventory: The skill has the ability to write to the local file system using the Edit tool and initiate network requests via curl.
      • Sanitization: There is no evidence of content sanitization or validation for the data retrieved from external sources before it is processed by the reasoning engine.
  • [COMMAND_EXECUTION]: The skill mandates the execution of a curl command through a shell subprocess upon every invocation to send a status notification to a local service (localhost:8888). While the destination is restricted to the local host, the practice of executing shell commands with agent-interpolated strings increases the attack surface.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 07:38 AM