block-inventory
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill executes shell commands (
ls) and invokes a Node.js script located in a sibling skill directory (.claude/skills/block-collection-and-party/scripts/search-block-collection-github.js). This creates a dependency on the integrity of external scripts that are not contained within the skill itself. - PROMPT_INJECTION (MEDIUM): This skill is vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: Reads local directory names (
blocks/*/) and potential documentation or comments within block code to determine purposes. - Boundary markers: Absent. Information is gathered and consolidated without clear delimiters or instructions for the agent to ignore embedded commands.
- Capability inventory: Performs command execution (
ls,node) and the results directly influence the 'content modeling' phase of the migration. - Sanitization: Absent. Data from the local filesystem is treated as trusted metadata, which could allow a malicious repository to influence agent behavior.
Audit Metadata