when-analyzing-skill-gaps-use-skill-gap-analyzer

Warn

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses npx claude-flow@alpha in several phases to manage task hooks and memory storage. This command fetches and executes code directly from the npm registry at runtime. Running unverified code from an external package manager introduces potential supply chain risks.
  • [DATA_EXFILTRATION]: The execution process involves scanning the ~/.claude/skills directory to inventory all metadata and descriptions. This data is then stored in a "memory store" using the claude-flow tool. If the tool utilizes a cloud-based backend for its memory system, this results in the transmission of the user's entire skill library structure and functionality map to an external destination.
  • [COMMAND_EXECUTION]: The skill executes shell commands such as find to traverse the local filesystem and npx to interface with external utilities, establishing a link between agent instructions and host-level operations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests content from local files (Ingestion points: SKILL.md and PROCESS.md via find) and parses them without sanitization (Sanitization: absent) to map capabilities. A malicious skill within the library could contain hidden instructions intended to manipulate the analysis output or influence the researcher agent spawned during the optimization phase. No boundary markers or instructions to ignore embedded content are present to mitigate this risk (Boundary markers: absent).
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 26, 2026, 03:22 AM
Security Audit — agent-trust-hub — when-analyzing-skill-gaps-use-skill-gap-analyzer