doc-claim-validator

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to execute git and grep commands for codebase analysis and staleness checking. While it does not use shell=True, it interacts with the local file system based on patterns extracted from documentation.
  • [EXTERNAL_DOWNLOADS]: The verify_claims.py script contains functionality to perform HTTP HEAD requests to external URLs found in documentation. This feature is optional and must be enabled via the --check-urls flag, but it allows the agent to communicate with arbitrary external domains.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted markdown files from the project.
      • Ingestion points: The skill scans all markdown files in the project directories to extract claims.
      • Boundary markers: There are no delimiters or specialized instructions to prevent the agent from obeying instructions embedded within the documentation it is verifying.
      • Capability inventory: The skill has access to the local file system, can execute specific shell commands, and can make network requests.
      • Sanitization: Input for the grep command is sanitized using re.escape(), but the content processed by AI subagents for behavioral and dependency verification lacks robust sanitization or validation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 05:13 PM