Skills
skills/yuiseki/ai-secretary/acomm-receive/Gen Agent Trust Hub

acomm-receive

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the acomm command-line tool with the --receive flag to interact with the local yuiclaw daemon and socket located at /tmp/acomm.sock.
  • [PROMPT_INJECTION]: The skill serves as a primary ingestion point for untrusted data from external sources, creating an indirect prompt injection surface.
  • Ingestion points: Message content is retrieved from external channels (Discord, Slack, or ntfy) via the acomm --receive command.
  • Boundary markers: There are no boundary markers or instructions to the agent to treat the incoming data as untrusted text.
  • Capability inventory: The skill's output is intended to be used in shell variables to control subsequent agent logic, as demonstrated in the provided shell script examples.
  • Sanitization: The skill does not perform any sanitization, filtering, or validation of the incoming message content before outputting it.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 05:10 PM