monitor-experiment

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface when processing remote data from experiments.
    • Ingestion points: Remote screen session outputs and JSON result files are read into the agent's context using tail and cat via SSH in Step 2 and Step 3 of the workflow.
    • Boundary markers: There are no delimiters or specific instructions provided to the agent to treat the retrieved content strictly as data, which could allow instructions embedded in remote logs or results to influence the agent's subsequent interpretation or actions.
    • Capability inventory: The skill has significant capabilities, including Bash(ssh *) for remote command execution and local Read, Write, and Edit permissions.
    • Sanitization: No sanitization, filtering, or validation is performed on the content retrieved from remote servers before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 07:47 PM