grade-system
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute python tests/run_tests.py, allowing for arbitrary code execution from the local filesystem.
- [DATA_EXFILTRATION]: The skill accesses ~/.claude/agents/, a hidden directory containing agent configuration, which could lead to exposure of internal setup data.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its ingestion of multiple project files. Ingestion points: files in agent-improvements/ and mel_wiki/. Boundary markers: None present in the instructions. Capability inventory: shell command execution and deep file system access. Sanitization: no validation or filtering is applied to the ingested content.
Audit Metadata