access
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- Input Validation and Prompt Injection Defense: The skill includes instructions to disregard access management requests not originating from the user's terminal. This pattern helps prevent indirect prompt injection where external actors might attempt to modify permissions via chat messages.
- File System Management: The skill interacts with local files and directories using basic bash tools for directory creation and listing. These operations are confined to the local environment for configuration management.
- Indirect Prompt Injection Surface Analysis: This skill processes data from external sources and maintains sensitive capabilities.
- Ingestion points: Reads
~/.claude/channels/telegram/access.json, which tracks pending codes from an external server. - Boundary markers: Explicitly restricts actions to terminal input and requires manual entry of pairing codes.
- Capability inventory: Uses file read/write and directory creation tools to manage access.
- Sanitization: Employs unique pairing codes and manual verification steps to validate external data before updating access lists.
Audit Metadata