vi
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Agent tool to dynamically spawn subagents based on names resolved against local directories such as ~/.claude/agents/. This creates a dependency on the integrity of the local filesystem's configuration files to define agent behavior.
- [DATA_EXFILTRATION]: The skill references hardcoded absolute paths to a specific user's directory (C:/Users/AGasser/OneDrive/...) for reading its knowledge base and configuration. While intended for its domain, this direct access to personal user folders could lead to data exposure if executed in environments with broader permissions or sensitive data in those paths.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the results returned by subagents and external inbound prompts.
  - Ingestion points: Data enters the context through inbound prompts, specialist agent returns, and the agent_registry.md file.
  - Boundary markers: No explicit delimiters or instructions are used to separate specialist outputs from the orchestrator's instructions during compilation.
  - Capability inventory: The agent has the ability to execute subagents via the Agent tool and read local files via the Read tool.
  - Sanitization: The skill relies on a manual review step but lacks automated sanitization or escaping of external content before it is interpolated into the final compiled product.
Audit Metadata