popebot-doctor
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
child_process.execSyncto perform environment discovery and health monitoring. It executes standard commands such asdocker --version,git --version,gh auth status, anddf -hto verify system tools and resources. - [COMMAND_EXECUTION]: The automated repair functionality in
lib/repair.jsexecutesnpm installwithin specific skill directories and performs filesystem modifications (chmod,mkdir) based on diagnostic results. - [EXTERNAL_DOWNLOADS]: The skill performs connectivity tests to well-known and trusted endpoints including Cloudflare (1.1.1.1), GitHub, Anthropic, and OpenAI. These tests use
HEADrequests to verify network availability and API responsiveness. - [CREDENTIALS_UNSAFE]: The configuration checks verify the presence of essential environment variables and API keys (e.g.,
GH_TOKEN,ANTHROPIC_API_KEY,AUTH_SECRET). This logic checks for the existence of the variables without logging or exposing their values. - [PROMPT_INJECTION]: The skill implements a diagnostic surface that processes data from other skill files, creating a potential vector for indirect prompt injection.
- Ingestion points: The skill reads
SKILL.mdfiles from/job/.pi/skills/*to verify metadata and frontmatter integrity (lib/skills.js). - Boundary markers: Minimal; the check focuses on identifying YAML frontmatter delimiters (
---). - Capability inventory: The agent has access to tools that execute subprocesses (
execSync), create directories (mkdirSync), and modify permissions (chmodSync) through the diagnostic and repair modules. - Sanitization: Skill names are validated before being used in paths, and repair operations are gated by specific diagnostic findings.
Audit Metadata