skill-design-lineage

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes several standard shell utilities (git, mkdir, grep, ls, sed, cat) to automate the creation and retrieval of design documents stored in a hidden directory (~/.claude-octopus/designs/).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from previously stored design documents.
  • Ingestion points: Content is read from design documents in SKILL.md (Step 4) using the command DESIGN_CONTEXT=$(<"$LATEST_DESIGN").
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when reading the file content back into the agent context.
  • Capability inventory: The skill can execute shell commands via git and perform file system writes (cat >).
  • Sanitization: Branch names are sanitized using tr to prevent path traversal, but document content is not sanitized before being read into the context.
  • [SAFE]: No evidence of external data exfiltration, remote code execution from untrusted sources, or hardcoded credentials was found.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 06:51 AM