Skills
skills/notque/claude-code-toolkit/perses-project-manage/Gen Agent Trust Hub

perses-project-manage

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses the Bash tool to execute 'percli' commands for resource management, project configuration, and RBAC operations.
  • [EXTERNAL_DOWNLOADS]: References documentation and source code repositories from official Perses project domains, including perses.dev and GitHub.
  • [PROMPT_INJECTION]: Ingests user-supplied data such as project names, role identifiers, and user identities which are interpolated into shell commands and YAML manifests.
  • Ingestion points: User-provided arguments for project creation, role definition, and role binding subjects.
  • Boundary markers: The skill uses heredocs (EOF) to delimit YAML content but does not provide explicit markers to prevent malicious instructions within interpolated strings.
  • Capability inventory: Uses the 'Bash' tool to execute generated manifests and CLI commands.
  • Sanitization: No explicit sanitization or validation of the structure of input variables is performed within the instruction set.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 05:28 PM
Security Audit — agent-trust-hub — perses-project-manage