x07-os-run
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines instructions for the agent to execute various commands using the
x07andx07-os-runnertools. These commands allow for running projects, passing arguments, and executing individual program files on the host operating system. While the skill encourages the use of a sandboxed profile governed by a policy file, it inherently enables direct command execution capabilities. - [PROMPT_INJECTION]: The skill instructions direct the agent to parse JSON reports produced by the
x07-os-runnerbackend. This constitutes an indirect prompt injection surface where a malicious or compromised program could output data designed to influence the agent's logic or bypass safety constraints. - Ingestion points: The
x07-os-runner.reportJSON object printed to stdout during execution inSKILL.md. - Boundary markers: The output is structured as a JSON report, providing a schema-based boundary between the program output and the agent's instructions.
- Capability inventory: The skill possesses extensive capabilities for file system access, network interaction, and process spawning via the
x07toolset, as evidenced by therun-os-policy.sample.jsonconfiguration. - Sanitization: The skill does not explicitly mention sanitization or validation of the content within the
outputfield of the JSON report before the agent processes it.
Audit Metadata