understand

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes local command-line tools to gather context for its explanations.
  • Evidence: Uses git diff, git ls-files, and git branch to analyze working tree changes.
  • Evidence: Executes a repository-local Python script located at .claude/scripts/code_graph to trace code dependencies and flow.
  • [PROMPT_INJECTION]: The instructions contain directives aimed at standardizing agent behavior across different platforms.
  • Evidence: Includes instructions to 'Ignore Claude-specific mode-switch instructions' and 'Never ask the user questions' to ensure a non-blocking, one-way explanation flow.
  • Evidence: Contains a 'Strict execution contract' demanding the agent follow the protocol exactly as written when invoked.
  • [DATA_EXPOSURE]: The skill accesses project metadata and source code to fulfill its primary purpose.
  • Evidence: Reads docs/project-config.json, plan.md, and various project reference files to synthesize explanations.
  • Evidence: Writes a persistent 'understanding ledger' to a git-ignored temporary directory (tmp/understand/) to track progress, avoiding modification of tracked source files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 06:07 PM
Security Audit — agent-trust-hub — understand