python-backend-expert

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is configured with the Bash tool and includes instructions in the 'Memory Protocol' section of SKILL.md to execute cat .claude/context/memory/learnings.md. This is intended to provide the agent with access to persistent context across sessions.
  • [PROMPT_INJECTION]: The skill's core purpose is to review and provide feedback on Python code, which establishes an indirect prompt injection surface (Category 8) where malicious instructions could be embedded in the data processed by the agent. * Ingestion points: User-provided code files are ingested for analysis during review tasks and by the scripts/main.cjs tool. * Boundary markers: The instructions do not specify any delimiters (such as XML tags or unique markers) to isolate untrusted user code from the agent's system instructions. * Capability inventory: The skill is granted extensive capabilities through tools like Bash, Write, Edit, Read, Grep, and Glob. * Sanitization: There are no mechanisms described for sanitizing, validating, or escaping the content of user-provided code before it is processed in the LLM's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 23, 2026, 08:47 AM
Security Audit — agent-trust-hub — python-backend-expert