skills/dnyoussef/ai-chrome-extension/when-analyzing-skill-gaps-use-skill-gap-analyzer/Gen Agent Trust Hub
when-analyzing-skill-gaps-use-skill-gap-analyzer
Warn
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses
npx claude-flow@alphain several phases to manage task hooks and memory storage. This command fetches and executes code directly from the npm registry at runtime. Running unverified code from an external package manager introduces potential supply chain risks. - [DATA_EXFILTRATION]: The execution process involves scanning the
~/.claude/skillsdirectory to inventory all metadata and descriptions. This data is then stored in a "memory store" using theclaude-flowtool. If the tool utilizes a cloud-based backend for its memory system, this results in the transmission of the user's entire skill library structure and functionality map to an external destination. - [COMMAND_EXECUTION]: The skill executes shell commands such as
findto traverse the local filesystem andnpxto interface with external utilities, establishing a link between agent instructions and host-level operations. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests content from local files (Ingestion points:
SKILL.mdandPROCESS.mdviafind) and parses them without sanitization (Sanitization: absent) to map capabilities. A malicious skill within the library could contain hidden instructions intended to manipulate the analysis output or influence the researcher agent spawned during the optimization phase. No boundary markers or instructions to ignore embedded content are present to mitigate this risk (Boundary markers: absent).
Audit Metadata