ds
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands to discover the latest versions of its internal constraints and the next steps in its workflow.
- Evidence:
ls -d ~/.claude/plugins/cache/edwinhu-plugins/workflows/*/lib/references/ds-common-constraints.md 2>/dev/null | sort -V | tail -1in SKILL.md. - Evidence:
ls -d ~/.claude/plugins/cache/edwinhu-plugins/workflows/*/lib/skills/ds-plan/SKILL.md 2>/dev/null | sort -V | tail -1in SKILL.md. - These operations are limited to the vendor's specific directory and are used for internal workflow management.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes untrusted user input to generate a specification file that influences later automation phases.
- Ingestion points: User answers provided via
AskUserQuestioncommands. - Boundary markers: The workflow requires a mandatory user confirmation and a separate review by a
ds-spec-reviewersubagent before proceeding to data exploration. - Capability inventory: The skill can execute directory discovery commands (
ls) and write/read files within the.claude/directory. - Sanitization: No explicit content filtering or escaping is performed on user inputs before they are written to the specification file.
Audit Metadata