claude-cookbooks

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The setup instructions in references/CONTRIBUTING.md include a command to install the 'uv' package manager via 'curl | sh' from astral.sh. While this involves piped execution of a remote script, the finding is downgraded because the skill is provided by a trusted organization (anthropics).
  • COMMAND_EXECUTION (LOW): The documentation contains multiple standard shell commands for environment setup, including 'pip install', 'git clone', and 'uv sync'.
  • PROMPT_INJECTION (LOW): The skill provides patterns for processing external data via RAG and web scraping (e.g., in references/third_party.md and references/multimodal.md), creating a surface for indirect prompt injection.
      1. Ingestion points: Image analysis, Wikipedia search, and web page content extraction.
      2. Boundary markers: Not explicitly defined in the provided code snippets.
      3. Capability inventory: Network access via the Anthropic Python SDK.
      4. Sanitization: Snippets demonstrate standard usage without explicit external content sanitization.
  • CREDENTIALS_UNSAFE (SAFE): Code examples in SKILL.md and references/CONTRIBUTING.md correctly utilize environment variables and .env files for handling API keys, avoiding hardcoded secrets.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:09 PM