execute
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [DYNAMIC_CONTEXT_INJECTION]: The skill uses the `!` syntax to execute shell commands during the skill loading phase to retrieve project metadata. Specifically, it executes `cat .ai_state/project.json` and `grep -c "[ ]" .ai_state/tasks.md`. These commands are used to display state information to the agent and do not involve sensitive system files or user-supplied command injection.
- [COMMAND_EXECUTION]: The skill instructions frequently use tools like `Bash` and custom commands (e.g., `/codex:rescue`, `/batch`, `/simplify`) to perform software development tasks. This is consistent with the skill's stated purpose of code implementation and task execution.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from local project files (`.ai_state/tasks.md`, `.ai_state/project.json`). While these files represent an external attack surface where instructions could theoretically be embedded, the skill includes a mandatory manual audit step ('Claude must review') for all generated or retrieved code before application, which serves as a security control.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses project-specific files in the `.ai_state` directory. No evidence was found of these files containing credentials, nor are there any network operations attempting to send this data to external domains.
Audit Metadata