triage
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is designed for internal portfolio management, specifically handling the moving and logging of skill files within the agent's localized environment (~/.claude/skills/).
- [COMMAND_EXECUTION]: The skill executes a local shell script (~/.claude/scripts/skills-triage.sh) to perform its core functions. The script implements defensive programming measures such as set -euo pipefail and proper variable quoting to ensure robust execution.
- [PROMPT_INJECTION]: The skill possesses an indirect injection surface.
  1. Ingestion points: Data is read from full-analysis.json and local skill files.
  2. Boundary markers: Absent.
  3. Capability inventory: Execution of Bash commands for file management and Read tool access.
  4. Sanitization: Relies on shell quoting in the script and a mandatory human-in-the-loop confirmation step for all actions to mitigate the risk of malicious data influence.
Audit Metadata