codeck-speech
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script at
$HOME/.claude/skills/codeck/scripts/status.shto retrieve project status. It also creates a local project directory usingmkdir -pwithin the user's home folder. - [PROMPT_INJECTION]: The skill processes untrusted content from local HTML and Markdown files (
outline.md,design-notes.md), creating a surface for indirect prompt injection. - Ingestion points: Reads
*-r*.htmlfiles and Markdown documents from the current project directory. - Boundary markers: Absent; there are no instructions to use specific delimiters or ignore instructions found within the ingested slide content.
- Capability inventory: The skill can execute local bash scripts and perform file write operations, including modifying existing HTML files.
- Sanitization: Present; the instructions specifically mandate HTML-escaping of quotes for
data-notesattributes to prevent structural corruption of the HTML slides.
Audit Metadata