ciso-review

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts as part of its workflow. Specifically, it calls risk_quantifier.py and compliance_tracker.py located in a relative directory structure (../../../skills/ciso-advisor/scripts/). This is a functional requirement of the skill's logic for quantifying risk and tracking compliance.
  • [PROMPT_INJECTION]: The skill defines a command /cs:ciso-review <plan> that ingests untrusted user data via the <plan> argument.
  • Ingestion points: Untrusted data enters the agent context through the <plan> parameter in SKILL.md.
  • Boundary markers: There are no explicit delimiters or system instructions provided to the agent to treat the content of the plan as data rather than instructions, which could allow a malicious plan to influence the agent's security verdict.
  • Capability inventory: The skill has the capability to execute shell commands (Python scripts) as defined in the Workflow section of SKILL.md.
  • Sanitization: No sanitization or validation logic is visible for the ingested plan data before it is processed by the agent or used in the review workflow.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 10:30 AM
Security Audit — agent-trust-hub — ciso-review