learn
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform project discovery and environment assessment. The commands used (such as `ls`, `cat`, `find`, and `mkdir`) are standard for project analysis and are strictly scoped to the local working directory.
- [PROMPT_INJECTION]: The skill incorporates a human-in-the-loop verification step using the AskUserQuestion tool. It explicitly states that it must 'Never save automatically — always require explicit user approval', which prevents unauthorized persistence of generated content.
- [DATA_EXFILTRATION]: While the skill reads project metadata and file structures to identify patterns, it does not perform any network operations to external domains. All analysis results are either presented to the user or written to the local `.claude/rules/` directory.
Audit Metadata