claudekit

Warn

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to add a third-party plugin marketplace (duthaho/claudekit-marketplace) and install the claudekit plugin. This behavior downloads code from an unverified GitHub repository.
  • [REMOTE_CODE_EXECUTION]: Installing a plugin directly into the agent's execution environment allows external code to run with the agent's full permissions, including access to the local filesystem and network tools.
  • [COMMAND_EXECUTION]: The instructions require running /claudekit:init, which executes opaque logic via the Bash tool to scaffold project files. This command could perform undocumented system modifications or file operations.
  • [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection.
      ◦ Ingestion points: Configuration files generated in .claude/rules/, .claude/modes/, and .claude/hooks/ (SKILL.md).
      ◦ Boundary markers: Absent. There are no instructions for the agent to validate or treat these generated files as potentially untrusted data.
      ◦ Capability inventory: The skill requests access to the Bash, Read, Write, and WebFetch tools.
      ◦ Sanitization: Absent. The skill does not implement any content validation for the files it generates or the data it processes during the initialization wizard.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 28, 2026, 01:33 PM