ac-state-tracker
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- Indirect Prompt Injection (SAFE): The skill reads from local state files (e.g., feature_list.json, .claude/master-state.json) to manage session state. While these are untrusted data ingestion points, this behavior is essential to the skill's primary purpose and poses minimal risk in a local development context. Evidence: 1. Ingestion: feature_list.json, .claude/*.json; 2. Boundary markers: Absent; 3. Capability inventory: File writes and Git commits; 4. Sanitization: Not specified.
- Persistence Mechanisms (SAFE): Persistence of state is the skill's primary function and is implemented using standard local file operations and Git within the project directory.
- Data Exposure & Exfiltration (SAFE): No evidence of sensitive file access, hardcoded credentials, or unauthorized network operations.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references local scripts (scripts/state_tracker.py), which were not provided, but the documented use cases are benign.
- Prompt Injection (SAFE): No override or bypass markers were found.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata