mega-code-profile
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: Uses the Bash tool to execute CLI commands for authentication and profile management via the mega-code package.
- [DATA_EXFILTRATION]: Synchronizes user-provided profile preferences to a remote server for cross-machine persistence, which is the primary functionality of the skill.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection.
  1. Ingestion points: User preferences are gathered via the AskUserQuestion tool in SKILL.md.
  2. Boundary markers: No explicit delimiters or warnings are used to prevent the agent from obeying instructions embedded in user-provided data.
  3. Capability inventory: The skill can use the Bash tool to execute system commands.
  4. Sanitization: User input is interpolated into shell commands with basic quoting but lacks comprehensive validation or escaping.
Audit Metadata