apex-recon

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Bash to execute commands such as ls, cat, and git (log, branch, status, remote) to inventory the workspace and active work.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by design.
    • Ingestion points: Step 0 and Step 2 involve reading README.md, CLAUDE.md, and source code comments (TODO/FIXME/HACK), which are untrusted project-controlled data.
    • Boundary markers: Absent. There are no instructions for the agent to distinguish between its system instructions and content found within the analyzed files.
    • Capability inventory: The skill has access to Bash, Read, WebFetch, and WebSearch tools.
    • Sanitization: Absent. Data from files is read and presented directly in the assessment output.
  • [SAFE]: Inconsistencies in metadata (version 0.6.4 in SKILL.md vs 0.9.7 in plugin.json) and author naming (tonone-ai vs jeremylongshore) were observed but do not impact the functional security of the skill.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 7, 2026, 01:39 PM