skill-map
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes a local bash script (
scripts/scan.sh) to perform scanning. This script utilizes a Python one-liner to safely escape content for JSON output. - [PROMPT_INJECTION]: Acts as a surface for indirect prompt injection by processing and displaying metadata (e.g., descriptions) from other installed skills. Ingestion points are the
SKILL.mdfiles in~/.claude/skills/. While it uses ASCII borders as delimiters and JSON escaping for sanitization, instructions embedded in third-party skill metadata could potentially influence the agent's context.
Audit Metadata