cook-hard

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted data through the $ARGUMENTS parameter and reads various project files (e.g., files in docs/ and source code) during its research and planning phases without sufficient boundary markers or sanitization.
      • Ingestion points: $ARGUMENTS in SKILL.md and read operations on local workspace files.
      • Boundary markers: Absent. The skill does not provide clear delimiters or instructions for the agent to ignore potentially malicious instructions embedded within the data it processes.
      • Capability inventory: The skill uses TaskCreate, grep, glob, and executes local Python scripts (.claude/scripts/code_graph).
      • Sanitization: Absent. There is no evidence of filtering or validation for the inputs used in task creation or script arguments.
  • [COMMAND_EXECUTION]: Local Script Execution. The workflow requires the agent to execute a local Python script (.claude/scripts/code_graph) with various arguments (trace, connections, callers_of). While the script is part of the project repository, its execution is driven by parameters derived from the agent's analysis of the codebase, which can be influenced by external input.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 09:18 AM