hizir
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local CLI tools and scripts associated with the vendor's framework, including 'node ~/.claude/hooks/dist/canavar-cli.mjs', 'recall_learnings.py', and 'store_learning.py' for system health reporting and memory management.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its automated processing of external data.
  1. Ingestion points: External content is ingested via the '/explore' command for codebase analysis and the 'oracle' agent for web-based research.
  2. Boundary markers: The documentation does not define specific boundary markers for separating untrusted data from instructions.
  3. Capability inventory: The agents possess extensive capabilities including shell command execution (node, python), Git operations, and local file modification.
  4. Sanitization: No explicit sanitization or validation of external content is described, although the skill references a 'rules/safety-and-quality.md' file which may contain relevant policies.
Audit Metadata