open
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands like
find,cd,ls, andgit statusto interact with the filesystem. User input is incorporated into these commands via placeholders like{query}and{project-name}(e.g.,find ~/projects ... -name "*{query}*"). This is a standard pattern for CLI-based navigation tools. - [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by automatically reading and displaying project documentation files. 1. Ingestion points:
SKILL.mdspecifies readingCLAUDE.mdandREADME.mdfrom the selected project directory. 2. Boundary markers: None are specified to encapsulate the content of the documentation files. 3. Capability inventory: The agent has access to filesystem navigation and status commands (find,cd,ls,git). 4. Sanitization: No sanitization of the documentation file content is performed before processing. Resources likehermetic-ormus-caduceusandhermetic-ormus-dojoare recognized as the author's own project resources.
Audit Metadata