personal-arsenal-lifecycle-doctor

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a 'Safety Contract' that mandates read-only access for discovery and requires explicit user consent for any file modifications. It specifically prevents unauthorized changes to core configuration files like CLAUDE.md and AGENTS.md.
  • [COMMAND_EXECUTION]: The skill identifies maintenance tasks and generates corresponding shell commands for repairs. These commands are presented to the user and only executed upon receiving an explicit 'confirm' or 'execute' instruction, preventing autonomous or malicious execution.
  • [DATA_EXPOSURE]: The skill scans the local ~/.claude/skills directory to extract versioning and dependency metadata. This data is used solely for generating health reports within the user's session and is not exfiltrated to external domains.
  • [PROMPT_INJECTION]: While the skill processes instructions from other skill files, creating a potential surface for indirect prompt injection, this risk is mitigated by the skill's diagnostic nature and the requirement for human oversight on all proposed actions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 11:20 AM
Security Audit — agent-trust-hub — personal-arsenal-lifecycle-doctor