skills/clidey/whodb/impeccable/Gen Agent Trust Hub

impeccable

Warn

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script "scripts/live-copy-edit-agent.mjs" invokes the "codex" CLI with the "--dangerously-bypass-approvals-and-sandbox" flag. This explicitly disables security layers when running local AI-driven code modifications.
  • [COMMAND_EXECUTION]: The "scripts/hook-admin.mjs" script automatically updates IDE configuration files for Claude Code (".claude/settings.local.json"), Codex (".codex/hooks.json"), and Cursor (".cursor/hooks.json"). This registers persistent hooks that execute skill scripts whenever specific file editing tools are used, potentially bypassing user awareness of background script execution.
  • [COMMAND_EXECUTION]: The script "scripts/live-server.mjs" spawns background Node.js processes for a local helper server to facilitate the live variant mode.
  • [EXTERNAL_DOWNLOADS]: Both "scripts/context.mjs" and "scripts/palette.mjs" perform network requests to "https://impeccable.style/api/version" to check for updates and retrieve remote version-specific directives.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the user's project files during analysis in "scripts/detector/engines/static-html/detect-html.mjs" and "scripts/live-manual-edit-evidence.mjs". This content is interpolated into prompts for sub-agents without rigorous boundary markers, which is a vector for indirect prompt injection.
  • Ingestion points: Project source code reading in "scripts/detector/engines/static-html/detect-html.mjs" and "scripts/live-manual-edit-evidence.mjs".
  • Boundary markers: Absent during the construction of prompts for delegated AI tasks.
  • Capability inventory: Use of "child_process.spawn" for AI runners and "fs.writeFileSync" for project file modification.
  • Sanitization: Minimal filtering of runtime markers is performed via "stripLiveRuntimeHtml" in "scripts/live-copy-edit-agent.mjs".
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 19, 2026, 09:06 AM
Security Audit — agent-trust-hub — impeccable