ai-inventory

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Full Analysis
  • Local File Management: The skill maintains its state by reading from and writing to specific YAML configuration files within the plugin's dedicated configuration directory (~/.claude/plugins/config/). This is standard behavior for skills that require persistent storage of user-provided records.
  • Data Ingestion Surface: The inventory process involves collecting user-supplied descriptions and names for AI systems. This represents a typical surface for indirect prompt injection; however, the skill utilizes a structured classification walk-through and explicit formatting (YAML) which helps mitigate risks associated with processing untrusted text.
  • Human-in-the-loop Enforcement: The instructions explicitly mandate the use of [verify] tags and state that the agent should not auto-derive legal obligations from a static table. This design pattern ensures that a qualified professional remains responsible for final compliance assessments.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 08:27 PM
Security Audit — agent-trust-hub — ai-inventory