Skills
skills/aviflombaum/claude-code-in-avinyc/status/Gen Agent Trust Hub

status

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run qmd status. This command belongs to the vendor's own CLI tool and is used as intended to report project status.\n- [DATA_EXPOSURE]: The skill uses the Read tool to access .claude/qmd.json. This local file contains project settings which are summarized for the user.\n- [PROMPT_INJECTION]: The skill reads external data from a configuration file, creating a surface for indirect prompt injection.\n
  • Ingestion points: .claude/qmd.json via the Read tool.\n
  • Boundary markers: None observed.\n
  • Capability inventory: Bash command execution and Read file access.\n
  • Sanitization: None observed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 07:47 PM