ai-inventory
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- Local File Management: The skill maintains its state by reading from and writing to specific YAML configuration files within the plugin's dedicated configuration directory (
~/.claude/plugins/config/). This is standard behavior for skills that require persistent storage of user-provided records. - Data Ingestion Surface: The inventory process involves collecting user-supplied descriptions and names for AI systems. This represents a typical surface for indirect prompt injection; however, the skill utilizes a structured classification walk-through and explicit formatting (YAML) which helps mitigate risks associated with processing untrusted text.
- Human-in-the-loop Enforcement: The instructions explicitly mandate the use of
[verify]tags and state that the agent should not auto-derive legal obligations from a static table. This design pattern ensures that a qualified professional remains responsible for final compliance assessments.
Audit Metadata