analyze
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell utilities including `find`, `grep`, `cat`, `ls`, and `jq` to traverse the directory structure, identify frameworks, and extract metadata from project manifest files like `package.json` or `requirements.txt`.
- [DATA_EXFILTRATION]: The skill scans for sensitive file paths such as `.env`, `.aws/config`, and SSH directories as part of its directory mapping and completeness assessment. This access is restricted to detecting existence and reporting locations within the local 'analysis-report.md' file; no network-based exfiltration or data transmission to remote domains was identified.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it reads and processes arbitrary content from the local codebase (e.g., README files and source code) to generate summaries.
  - Ingestion points: Local codebase files read via `cat` and `grep` during analysis.
  - Boundary markers: Absent; the skill does not wrap ingested content with specific delimiters or instructions to ignore embedded commands.
  - Capability inventory: File system access (read/write) and shell command execution.
  - Sanitization: None; the skill assumes the analyzed codebase is safe for summary generation.
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to copy plugin slash commands from a local directory (`~/.claude/plugins/stackshift/`) to the project workspace. While this involves command execution, it relies on locally existing plugin files and does not perform unverified remote downloads.