skills-qa
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- Detection Logic Patterns: The skill contains instructions to identify phrases like 'ignore previous instructions' and 'system message'. These patterns are part of the skill's core purpose—to scan other files for potential security risks—and do not represent an attempt to bypass its own safety constraints.
- Local Configuration Access: The skill is designed to read configuration files located in `~/.claude/plugins/config/claude-for-legal/`. This access is intended to provide the agent with necessary context regarding the user's environment and installed tools, and is standard for plugin management utilities.
- Untrusted Content Processing: As a QA tool, this skill processes external files (such as other `SKILL.md` files). It incorporates a specific 'Prompt-injection heuristic scan' as an initial layer of defense to surface potentially problematic text before performing a detailed evaluation, demonstrating a security-conscious design.
- Instructional Safety Boundaries: The skill includes clear guidelines on what constitutes an 'out-of-scope' read or write, explicitly flagging access to sensitive directories like `~/.ssh/` or `~/.aws/` as suspicious when evaluating other skills.
Audit Metadata