ghm-template-sync

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell scripts found within the repository (e.g., .claude/hooks/*.sh) to verify they produce valid JSON. While this is a standard developer workflow for verification, it relies on the integrity of the code stored in the project environment.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the repository files and uses it to drive agent actions without validation.
      ◦ Ingestion points: Project files including .claude/VERSION, CLAUDE.md, and settings.json (found in SKILL.md).
      ◦ Boundary markers: Absent. The instructions do not define delimiters or provide warnings to ignore malicious instructions that could be embedded in the repository content.
      ◦ Capability inventory: The skill utilizes the Bash tool for local script execution and Write/Edit tools for modifying the filesystem (found in SKILL.md).
      ◦ Sanitization: Absent. There are no instructions to sanitize, escape, or validate the data read from the repository before it is processed or used in shell commands.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 09:42 PM
Security Audit — agent-trust-hub — ghm-template-sync