skills/tkersey/dotfiles/puff/Gen Agent Trust Hub

puff

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs the puff CLI utility from the author's personal repositories, including the tkersey/tap/puff Homebrew tap and the tkersey/skills-zig GitHub repository.
  • [COMMAND_EXECUTION]: The skill executes local shell commands to compile and install the tool, specifically using zig build to create the binary from source and install to place it in the local path, as well as brew install for macOS systems.
  • [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection.
      • Ingestion points: The launch and submit commands in SKILL.md accept a --prompt argument for task instructions, and the join-operator command processes data from an external patch inbox.
      • Boundary markers: There are no boundary markers or instructions to disregard embedded commands when these prompts are processed.
      • Capability inventory: The tool can execute tasks in the cloud, monitor background processes, and modify local files via the codex cloud apply command.
      • Sanitization: The skill does not perform any validation or sanitization of the input text before it is used in cloud task execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 11:17 AM