cc-version-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches version data, changelogs, and release notes from official sources including code.claude.com and the Anthropic GitHub repository. These sources are established technology providers, and the data is used to inform the analysis pipeline.\n- [COMMAND_EXECUTION]: Executes the command
claude --versionvia the Bash tool to programmatically determine the currently installed version of the CLI software for impact assessment.\n- [PROMPT_INJECTION]: The skill processes untrusted data from external sources such as GitHub issues and pull requests, which creates an indirect prompt injection surface.\n - Ingestion points: External text content is gathered from GitHub and community blogs during Phase 1 (
SKILL.md).\n - Boundary markers: Explicit instructions to ignore embedded commands or instructions in the external data are absent from the researcher agent's prompt.\n
- Capability inventory: The skill environment includes tools for shell command execution (
Bash), file system modification (Write,Edit), and agent orchestration.\n - Sanitization: No explicit sanitization or filtering logic is defined for the external text before it is analyzed by the bkit-impact-analyst agent.
Audit Metadata