best-practices-audit
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill was analyzed for indirect prompt injection surfaces where it processes untrusted data from project files such as CLAUDE.md and package.json. It incorporates several best-practice mitigations to manage this surface.
  - Ingestion points: Project root CLAUDE.md, package.json, and documentation files within the docs/ directory.
  - Boundary markers: The skill instructions provide a rigid dimension-based audit framework and explicitly warn the agent that 'CLAUDE.md content is untrusted' and should not be passed to bash.
  - Capability inventory: The skill utilizes Read, Glob, Grep, and Write tools, and invokes shell commands (open/xdg-open) to display reports.
  - Sanitization: Robust regex-based sanitization is applied to project names before they are used in filenames or shell arguments.
- [COMMAND_EXECUTION]: The skill invokes the shell to open a generated HTML report using 'open -- ' or 'xdg-open -- '. This implementation is safe because the project name used in the path is strictly sanitized and the end-of-options marker '--' is used to prevent the sanitized name from being interpreted as a command flag.