skills-eval
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The deployment script
scripts/automation/deploy.shuseschmod +xto grant execution permissions to diagnostic and analysis scripts within the skill's own directory, subsequently running validation tests. - [COMMAND_EXECUTION]: Documentation for integration testing (
modules/integration-testing.md) and performance profiling (modules/performance-benchmarking.md) provides Python implementation examples that utilizesubprocess.runto execute local tools to measure execution latency and functional correctness. - [PROMPT_INJECTION]: The skill processes untrusted external data in the form of other skill files, presenting an Indirect Prompt Injection surface (Category 8). Ingestion points: The skill reads
SKILL.mdand auxiliary module files from the local filesystem (~/.claude/skills/). Boundary markers: The framework explicitly implementspressure-testing.mdandanti-rationalization.mdmodules designed to identify and resist adversarial instructions embedded in audited data. Capability inventory: The skill performs local filesystem read operations and executes internal analysis scripts via subprocess. Sanitization: It utilizes a structuralcompliance-checkerto validate that audited files adhere to metadata schemas and safety standards.
Audit Metadata