skills/tw93/claude-health/think/Gen Agent Trust Hub

think

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill explicitly directs the agent to open and read project configuration files, such as .env and package.json, to "lift the live value" for environment variables and default values. This targets sensitive files that often contain secrets or private configurations.
  • [DATA_EXFILTRATION]: During the validation phase, the skill instructs the agent to list "Every API key, token, and third-party account the plan requires" in the final output summary. This creates a pattern where sensitive identifiers are moved from private local configuration into the agent's output context.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands including pwd, git rev-parse --show-toplevel, and grep to verify the working directory and search for context within the repository.
  • [EXTERNAL_DOWNLOADS]: The instructions mention using "Context7 MCP tools" to query framework documentation and ecosystem standards, which involves network operations to external services.
  • [PROMPT_INJECTION]: The skill ingests data from various project files (AGENTS.md, .claude/rules/*.md, and design docs) and user-provided memory paths to establish design constraints, creating a surface for indirect prompt injection.
  • Ingestion points: Reads project-level documentation, ADRs, issue threads, and user-specified durable context paths.
  • Boundary markers: The skill checks for specific instruction patterns (e.g., "hard rule", "never X") within these files but does not specify delimiters or sanitization for the ingested content.
  • Capability inventory: Accesses shell utilities through subprocess calls for environment verification and content searching (pwd, git, grep).
  • Sanitization: No explicit sanitization or escaping of the processed external content is mentioned.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 15, 2026, 08:50 PM
Security Audit — agent-trust-hub — think