skill-builder
Warn
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The `update` command defined in `SKILL.md` fetches a shell script from a remote repository via `https://raw.githubusercontent.com/odysseyalive/claude-enforcer/main/install` using `curl`.
- [REMOTE_CODE_EXECUTION]: The skill performs remote code execution in the `update` command by piping the content fetched from the remote URL directly into a shell interpreter using `bash -c "$(curl -fsSL ...)"`.
- [COMMAND_EXECUTION]: The skill dynamically generates and executes shell scripts used as 'enforcement hooks' (detailed in `references/procedures/hooks.md`). These scripts are stored within the skill's local directory and are configured to execute during specific tool invocations via the agent's `Bash` tool.
- [COMMAND_EXECUTION]: The skill utilizes the `TaskCreate`, `TaskUpdate`, and `TaskGet` tools to orchestrate complex operations, including the spawning of specialized subagents for validation and research.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it ingests and processes untrusted data from other skill files and `CLAUDE.md` (documented in `references/procedures/audit.md`).
  - Ingestion points: Reads content from `.claude/skills/*/SKILL.md` and project root `CLAUDE.md`.
  - Boundary markers: The skill does not implement explicit delimiters to separate untrusted skill content from its own instructions.
  - Capability inventory: The skill has the capability to write files (`Write`, `Edit`), execute shell commands (`Bash`), and create sub-tasks (`TaskCreate`).
  - Sanitization: The procedures focus on verbatim preservation of directives, which may allow malicious instructions in processed files to influence the agent's behavior during audits or optimizations.
Audit Metadata