Skills
skills/within-7/aiter/reporting/Gen Agent Trust Hub

reporting

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its data ingestion and redistribution workflow.
  • Ingestion points: Data is gathered from untrusted or external-facing sources including git log, npm test output, and npm run build results as described in SKILL.md.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore embedded commands within the gathered data before inclusion in reports.
  • Capability inventory: The skill has the capability to broadcast gathered data via aiter message send and host it on a public URL using aiter tunnel create.
  • Sanitization: No sanitization, escaping, or validation logic is present for the content extracted from external logs or project files.
  • [DATA_EXFILTRATION]: The skill facilitates the movement of internal project data to external platforms.
  • Internal metadata from .aiter/memory/ (including tasks.md, journal.md, and orchestration.md) is aggregated and shared via IM messages or public web tunnels.
  • [COMMAND_EXECUTION]: The skill relies on the execution of multiple local shell commands to function.
  • It executes git log, npm test, npm run build, and various subcommands of the aiter CLI to compile system and project metrics.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 04:10 PM