exam-forecast
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- File System Access: The skill reads from and writes to the
~/.claude/plugins/config/claude-for-legal/directory. This is used to load class context fromCLAUDE.mdand store generated forecasts. This localized file interaction is standard for plugins that maintain persistent user-specific state. - Indirect Prompt Injection Surface: The skill is designed to ingest and analyze external data provided by the user in the form of past exams.
- Ingestion points: The workflow intakes past exams (PDF, text pastes, or file paths) in Steps 1 and 3.
- Boundary markers: The skill does not explicitly instruct the agent to ignore or delimit potentially malicious instructions that could be embedded in the exam text.
- Capability inventory: The skill's capabilities are limited to reading and writing markdown files within its specific plugin directory.
- Sanitization: There is no explicit sanitization step mentioned for the content extracted from the exams. However, given the skill's primary purpose of pattern analysis and its restricted output environment, the security risk is minimal.
Audit Metadata