using-ecosystem
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands (`find`, `ls`) to identify installed components within the agent's environment (e.g., `~/.claude/skills`). This is a documented part of its discovery process and is used to build a live index of available tools.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it reads and processes descriptions from external skills and agents without sanitization. The impact is limited to the advisor's recommendations, and it does not have high-privilege capabilities.
  - Ingestion points: Metadata fields such as `name` and `description` from `SKILL.md` and agent markdown files discovered in `~/.claude/` and project directories.
  - Boundary markers: None used to delimit untrusted description content.
  - Capability inventory: Local filesystem discovery (`ls`, `find`) and file reading.
  - Sanitization: No validation or escaping is applied to the content of the discovered descriptions.
Audit Metadata