Skills
skills/melodic-software/claude-code-plugins/audit-agents/Gen Agent Trust Hub

audit-agents

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash and Task tools to discover agent files on the system, manage temporary audit data, and coordinate the execution of subagent processes.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it reads and processes instructions and YAML configurations from external agent files that may be untrusted.
  • Ingestion points: Agent source files, instruction sets, and YAML frontmatter located in .claude/agents/ and global plugin directories (~/.claude/plugins/).
  • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands provided to the auditor subagents when processing these files.
  • Capability inventory: The skill and its subagents have access to Bash, Task, Read, Write, and Edit tools, allowing for file system and command-line operations.
  • Sanitization: No content sanitization or validation of the ingested agent instructions is performed prior to processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 12:15 AM