skill-reliability

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs bundled Python scripts, specifically scripts/inventory.py and scripts/trigger_lint.py, to parse markdown files and perform reliability score calculations. These scripts are local to the skill and do not perform network operations.
  • [SAFE]: The workflow involves reading skill definition files from local directories, including .claude/skills/ and ~/.claude/skills/. This file access is restricted to the intended purpose of the tool and does not involve exfiltration of sensitive data.
  • [SAFE]: The skill provides a surface for indirect prompt injection as it ingests content from external skill files during its analysis phase.
  • Ingestion points: Reads SKILL.md, references/, and instructions/ directories from user-specified skill paths.
  • Boundary markers: Not present.
  • Capability inventory: The skill can perform write operations to SKILL.md files to apply recommended improvements.
  • Sanitization: Content is parsed using regular expressions for identification of headings and metadata; however, it is not explicitly sanitized before being presented to the user for confirmation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 10:42 PM
Security Audit — agent-trust-hub — skill-reliability