kw-skill-docs

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill processes multiple local files by instructing the agent to list and read content from the ~/.claude/skills/ directory. This is used to harvest documentation metadata from installed skills.
  • [DATA_EXFILTRATION]: The skill aggregates local configuration data into a prompt for manual export by the user to an external service. While the user is in the loop, this pattern facilitates the movement of local configuration data to a third-party platform.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests data from external SKILL.md files without sanitization or explicit boundary markers. Maliciously crafted skill files could potentially influence the resulting output.
      • Ingestion points: Skill configuration files (SKILL.md) in ~/.claude/skills/ (Step 1).
      • Boundary markers: Absent; the workflow lists and reads files directly into the catalog.
      • Capability inventory: File system enumeration and reading (ls, cat).
      • Sanitization: None; ingested file content is used directly in the generated prompt.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 11:24 AM