claude-automation-recommender
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious behaviors detected. The content consists of instructional documentation for setting up hooks, skills, and subagents within the Claude Code environment.
- [Indirect Prompt Injection] (LOW): The documentation describes patterns for skills that ingest untrusted external data (e.g., Pull Request diffs via `gh pr diff`). This establishes a potential attack surface where malicious content in a repository could attempt to influence the agent's reasoning.
  - Ingestion points: `references/skills-reference.md` (PR Review skill template).
  - Boundary markers: Absent in the provided reference examples.
  - Capability inventory: Documentation notes that skills and subagents can be granted access to `Read`, `Write`, and `Bash` tools.
  - Sanitization: No sanitization or escaping of external content is demonstrated in the examples.
- [Dynamic Execution] (LOW): The reference materials explain how to use the `!` syntax for context injection and how to create skills that execute local bash scripts for development tasks such as database migration validation. These are intended features of the platform being documented.
Audit Metadata