open

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands like find, cd, ls, and git status to interact with the filesystem. User input is incorporated into these commands via placeholders like {query} and {project-name} (e.g., find ~/projects ... -name "*{query}*"). This is a standard pattern for CLI-based navigation tools.
  • [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by automatically reading and displaying project documentation files. 1. Ingestion points: SKILL.md specifies reading CLAUDE.md and README.md from the selected project directory. 2. Boundary markers: None are specified to encapsulate the content of the documentation files. 3. Capability inventory: The agent has access to filesystem navigation and status commands (find, cd, ls, git). 4. Sanitization: No sanitization of the documentation file content is performed before processing. Resources like hermetic-ormus-caduceus and hermetic-ormus-dojo are recognized as the author's own project resources.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 11:30 AM
Security Audit — agent-trust-hub — open