skills/andrewkriley/claude/skills/Gen Agent Trust Hub

Warn

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: Accesses the ~/.claude/settings.json configuration file and the ~/.claude/skills/ directory. The settings file is a primary target as it frequently contains MCP server definitions, which often include sensitive information such as environment variables, authentication tokens, or internal system paths.
  • [PROMPT_INJECTION]: The skill presents an attack surface for Indirect Prompt Injection (Category 8) by processing content from all locally installed skill files.
    • Ingestion points: Metadata fields (name, description, argument-hint) from all SKILL.md files located in ~/.claude/skills/.
    • Boundary markers: Absent. The instructions do not provide delimiters or warnings to the agent to disregard instructions that may be embedded within the description or other fields of the files being read.
    • Capability inventory: Filesystem access tools (Glob and Read) are used to traverse and inspect user directories.
    • Sanitization: Absent. Extracted text from skill files is processed and output directly, which could allow a malicious skill file to influence the agent's behavior during the extraction or categorization phase.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 22, 2026, 03:42 PM