compound
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple local shell scripts located in `~/.claude/skills/nanostack/bin/` (such as `find-artifact.sh`, `save-solution.sh`, and `save-artifact.sh`). These scripts are used to query previous task data and persist knowledge documents to the local file system.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes data from previous phases which may contain untrusted content.
  - Ingestion points: Data is read from `think`, `plan`, `review`, `qa`, `security`, and `ship` artifacts using the `find-artifact.sh` script.
  - Boundary markers: Absent; the skill does not implement specific delimiters or 'ignore' instructions to isolate artifact data from its operational logic.
  - Capability inventory: The agent has the ability to execute local shell scripts with arguments and write files to the `know-how/solutions/` directory.
  - Sanitization: Absent; the instructions do not specify any validation, escaping, or filtering for the content retrieved from artifacts before it is used to generate new documents or artifact summaries.
Audit Metadata