analyze
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Analysis of the skill instructions and references reveals no malicious patterns, credentials, or persistence mechanisms.
- [COMMAND_EXECUTION]: Employs standard shell commands such as
readlinkto resolve symbolic links for the target configuration file. These operations are utility-based and do not involve user-controlled argument injection into high-risk binaries. - [DATA_EXFILTRATION]: The skill reads the project's
CLAUDE.mdfile and an internal reference file. It lacks the capability to transmit data over the network or access sensitive system paths such as.sshor.awscredentials. - [PROMPT_INJECTION]: The skill analyzes untrusted text from the
CLAUDE.mdfile. Ingestion point:CLAUDE.md(Step 1). Boundary markers: Absent. Capability inventory: Local file reading and inline text report generation; no network or file-write permissions. Sanitization: Absent. While this represents an indirect prompt injection surface, the risk is mitigated by the absence of dangerous tools for an attacker to exploit.
Audit Metadata