claude-statusbar

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates configuration of the status bar by executing the cs CLI tool via Bash commands for tasks such as theme switching, style adjustment, and setup.
  • [PROMPT_INJECTION]: Indirect Prompt Injection surface identified:
      1. Ingestion points: User-supplied values for themes, styles, density, and hex color codes (SKILL.md).
      2. Boundary markers: Absent; user input is directly interpolated into commands.
      3. Capability inventory: Execution of cs utility commands.
      4. Sanitization: Absent in the instructions.
    This allows for potential command injection if malicious parameters are supplied, though it is a byproduct of the skill's management purpose.
  • [DATA_EXFILTRATION]: The skill accesses local configuration files at ~/.claude/settings.json and ~/.claude/claude-statusbar.json to diagnose setup issues, which is a necessary data exposure for the 'cs doctor' functionality.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 12:51 AM