understand
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local command-line tools to gather context for its explanations.
- Evidence: Uses
git diff,git ls-files, andgit branchto analyze working tree changes. - Evidence: Executes a repository-local Python script located at
.claude/scripts/code_graphto trace code dependencies and flow. - [PROMPT_INJECTION]: The instructions contain directives aimed at standardizing agent behavior across different platforms.
- Evidence: Includes instructions to 'Ignore Claude-specific mode-switch instructions' and 'Never ask the user questions' to ensure a non-blocking, one-way explanation flow.
- Evidence: Contains a 'Strict execution contract' demanding the agent follow the protocol exactly as written when invoked.
- [DATA_EXPOSURE]: The skill accesses project metadata and source code to fulfill its primary purpose.
- Evidence: Reads
docs/project-config.json,plan.md, and various project reference files to synthesize explanations. - Evidence: Writes a persistent 'understanding ledger' to a git-ignored temporary directory (
tmp/understand/) to track progress, avoiding modification of tracked source files.
Audit Metadata