attend
Evaluates execution-time risks in AI operations by classifying tasks for risk signals and surfacing findings for user judgment.
Install this skill
or
0/100
Security score
The attend skill was audited on May 12, 2026 and we found 8 security issues across 2 threat categories, including 2 critical. Review the findings below before installing.
Categories Tested
Security Issues
critical line 458
Direct command execution function call
SourceSKILL.md
| 458 | - Post-`/attend` spawn (Agent) → system context injection (higher compliance than conversation-context path) |
critical line 559
Direct command execution function call
SourceSKILL.md
| 559 | **Pre-existing team member path**: When delegating to team agents that existed before `/attend` activation, Gate prompt is injected via SendMessage (conversation context) rather than Agent spawn (syst |
high line 27
Eval function call - arbitrary code execution
SourceSKILL.md
| 27 | p=Elevated: Eval(t.E) → Fi → Qc(Fi, evidence) → Stop → J → A(J, t, Σ) → Σ' |
high line 132
Eval function call - arbitrary code execution
SourceSKILL.md
| 132 | Phase 1: t.E → Eval(t.E) → Fi: Set(Finding) -- risk evaluation [Tool] |
high line 211
Eval function call - arbitrary code execution
SourceSKILL.md
| 211 | Phase 1 Eval (observe) → Read, Grep (evidence gathering; optional) |
low line 160
Access to .env file
SourceSKILL.md
| 160 | SecurityBoundary: $(...) in configs, .env, credential access → Gate |
medium line 334
Access to .env file
SourceSKILL.md
| 334 | | **SecurityBoundary** | `$(...)` in configs, `.env` access, credential patterns | Security violation risk; aligns with boundaries.md secrets rules | |
medium line 452
Access to .env file
SourceSKILL.md
| 452 | > SecurityBoundary: $(...) in configs, .env access, credentials / |
Scanned on May 12, 2026
View Security Dashboard