explain

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: The skill is configured to read ~/.claude/PROFILE.md to tailor explanations to the user's role and preferences. This file access is explicitly defined and restricted within the skill's configuration environment.
  • [EXTERNAL_DOWNLOADS]: The technology playbook utilizes WebSearch and WebFetch to retrieve documentation for third-party libraries from the internet. This allows the agent to provide up-to-date information but involves fetching external content during execution.
  • [PROMPT_INJECTION]: The skill ingests untrusted content from the local codebase and external websites, which constitutes an indirect prompt injection surface. Malicious instructions embedded in these sources could potentially influence the agent's behavior.
      • Ingestion points: Content from local source files and external documentation web pages.
      • Boundary markers: The skill uses structured output blocks (WHAT/WHERE/HOW) for organization, but does not implement explicit 'ignore embedded instructions' markers around the ingested data.
      • Capability inventory: The skill uses file system reading, web search, web fetch, and user interaction tools.
      • Sanitization: There is no evidence of validation, filtering, or sanitization of the content retrieved from the codebase or the web.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 28, 2026, 07:49 PM
Security Audit — agent-trust-hub — explain