gate
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted configuration data to determine execution logic.
  - Ingestion points: Reads build and verification commands from `.claude/project.json` located in the user's workspace.
  - Boundary markers: None present; the skill assumes the configuration file is trusted.
  - Capability inventory: Executes shell commands via a local CLI script (`${CLAUDE_PLUGIN_ROOT}/scripts/cli`) including lint, typecheck, build, and test operations.
  - Sanitization: None; the skill does not validate or sanitize the command strings retrieved from the JSON configuration before execution.
- [COMMAND_EXECUTION]: The skill performs extensive shell operations to run quality gates and the self-healing loop. It relies on a local script (`${CLAUDE_PLUGIN_ROOT}/scripts/cli`) to facilitate these actions.
- [DYNAMIC_EXECUTION]: Implements a "self-healing" loop that involves modifying source code and immediately re-executing it (via lint/build/test cycles) to verify fixes. This creates a feedback loop where the agent's own generated or modified code is executed automatically up to 4 times.
Audit Metadata