proactive-agent
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill implements multi-layered defensive instructions across
assets/AGENTS.md,assets/SOUL.md, andreferences/security-patterns.md, explicitly training the agent to treat external content as passive data rather than executable instructions.\n- [COMMAND_EXECUTION] (LOW): Thescripts/security-audit.shutility executes local shell commands (stat,grep) to verify environment security. These operations are restricted to static patterns and do not incorporate untrusted external input into command strings.\n- [DATA_EXFILTRATION] (SAFE): Operational rules strictly prohibit sending data externally without explicit human approval.scripts/security-audit.shspecifically checks for credential exposure and loops back gateway configurations to prevent unintended exposure.\n- [INDIRECT_PROMPT_INJECTION] (LOW):\n - Ingestion points: Processes external data from web searches, emails, and PDFs as defined in
assets/AGENTS.md.\n - Boundary markers: Employs clear instructional boundaries and 'Heartbeat' checks in
assets/HEARTBEAT.mdto scan for injection patterns in recently processed data.\n - Capability inventory: Includes file system exploration, web searching, and execution of the included audit shell script.\n
- Sanitization: Relies on behavioral monitoring and instruction-level isolation rather than programmatic string sanitization.
Audit Metadata