skills/darshitpp/x-agent/claude/Gen Agent Trust Hub

claude

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs command execution by invoking the claude CLI and standard Unix utilities (mktemp, cat, rm) as part of its operational workflow.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data such as project files, git diffs, and directory structures.
  • Ingestion points: Context is gathered from the filesystem and git state in references/shared-procedure.md to be passed to the Claude Code CLI.
  • Boundary markers: Instructions and gathered context are combined with role-play framing but lack robust structural delimiters (e.g., XML tags) to prevent the agent from being influenced by instructions embedded within the data.
  • Capability inventory: The skill interacts with the Claude Code CLI, which possesses the capability to modify code and execute tasks based on the input it receives.
  • Sanitization: The skill does not implement sanitization or validation logic for the external content before it is processed by the model.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 15, 2026, 10:34 AM