capability-audit
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches product research data from the Perplexity AI API (api.perplexity.ai). Perplexity is a well-known service, and the data retrieval is a core component of the skill's research functionality.
- [COMMAND_EXECUTION]: Uses standard shell utilities including ls, grep, jq, and node to discover project files, extract data, and execute the local build process.
- [DATA_EXFILTRATION]: Reads an API key from a local configuration file (~/.claude/settings.json) to authenticate its own requests to the Perplexity AI service. This is a standard credential management pattern for the skill's execution environment.
- [PROMPT_INJECTION]: The skill ingests untrusted data from an external search API and uses it to update documentation files, creating a surface for indirect prompt injection. 1. Ingestion points: Perplexity AI API response (Step 8a). 2. Boundary markers: No explicit boundary markers or instruction-override warnings are used when processing the external API content. 3. Capability inventory: The skill possesses substantial capabilities including shell execution (Bash), file reads (Read), and file modifications (Edit, Write). 4. Sanitization: No specific sanitization or filtering is applied to the retrieved search content before it is processed by the agent.
Audit Metadata