sync-skills-shared-protocols

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes command-line tools to locate and verify protocol tags across the file system.
  • Evidence: Uses grep -rl "SYNC:{tag-name}" .claude/skills/*/SKILL.md to identify target files for synchronization.
  • Evidence: Invokes python and node to run internal project scripts and test suites.
  • [REMOTE_CODE_EXECUTION]: The instructions direct the agent to execute Python and Node.js scripts provided within the skill's own repository structure.
  • Evidence: The workflow for "Operation B" involves running .claude/scripts/sync-hooks-to-skills.py to perform bulk insertions.
  • Evidence: The verification step requires running .claude/hooks/tests/run-all-tests.cjs to validate agent coverage and tag balance.
  • [PROMPT_INJECTION]: The skill contains instructional modifiers designed to ensure consistent behavior across different platform environments and enforce strict protocol adherence.
  • Evidence: "Ignore Claude-specific mode-switch instructions when they appear" is used to handle compatibility between Codex and Claude environments.
  • Evidence: "Strict execution contract: when a user explicitly invokes a skill, execute that skill protocol as written" is used to prevent the agent from deviating from established workflows.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 06:08 PM
Security Audit — agent-trust-hub — sync-skills-shared-protocols