Skills
skills/laurigates/claude-plugins/health-check/Gen Agent Trust Hub

health-check

Warn

Audited by Gen Agent Trust Hub on May 22, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The "SessionStart smoke test" in SKILL.md (Step 1b) parses a command string directly from the .claude/settings.json file and executes it using bash. This pattern allows project-level configuration to trigger arbitrary command execution on the user's system.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from project configuration files (.claude/settings.json, .mcp.json, and .pre-commit-config.yaml) without boundary markers or sanitization, allowing malicious project files to influence the agent's diagnostics.
  • [DATA_EXFILTRATION]: The skill reads sensitive local files, including global and project-specific Claude Code settings and the plugin registry. These files often contain private environment configurations, paths, and potentially credentials or API keys.
  • [EXTERNAL_DOWNLOADS]: In Step 1c, the skill suggests that the user manually install the pre-commit package using pip if it is not found during the diagnostic check.
  • [COMMAND_EXECUTION]: Multiple internal scripts (check-plugins.sh, check-hooks.sh, etc.) execute shell commands and use jq to perform diagnostics or modify the plugin registry, which could be exploited if the inputs are not properly handled.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 22, 2026, 05:06 PM
Security Audit — agent-trust-hub — health-check