claudekit
Warn
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the agent/user to add a third-party marketplace and install a plugin from a repository (
duthaho/claudekit-marketplace) that is not part of a recognized or trusted organization. This results in the download of unverifiable code from an external source. - [COMMAND_EXECUTION]: The initialization instructions (
/claudekit:init) trigger shell commands to generate files and directories on the local system, including.claude/rules/,.claude/hooks/, and.mcp.json. - [PROMPT_INJECTION]: The skill scaffolds rule and hook files that the agent is subsequently instructed to follow. This creates an indirect prompt injection surface where the generated instructions could influence or restrict the agent's behavior if the source repository provides malicious templates.
Audit Metadata