apex

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing user-provided input through the direct interpolation of arguments.
  • Ingestion points: Untrusted data enters the agent context through the {{args}} variable in SKILL.md.
  • Boundary markers: Absent; the skill does not use delimiters or provide specific instructions to the agent to disregard instructions potentially embedded within the user input.
  • Capability inventory: The skill's environment in SKILL.md is configured with a broad set of tools, including Bash, Write, Edit, WebFetch, and WebSearch, which could be exploited if an injection attack is successful.
  • Sanitization: No sanitization, validation, or escaping logic is applied to the {{args}} content before it is used to drive routing decisions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 7, 2026, 01:39 PM