NYC

find-my-project

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted user input regarding 'pain points' and interpolates it into a prompt for a sub-agent tool without sanitization or boundary markers.
      • Ingestion points: User responses to questions about their role, pain points, and tools in Step 1.
      • Boundary markers: Absent. The user's input is directly embedded into the query: 'I have a user who [describe pain points]'.
      • Capability inventory: Access to Bash (mkdir), Write (file creation), and Task (sub-agent invocation).
      • Sanitization: None detected; the agent is instructed to use the raw descriptions for analysis.
  • [Command Execution] (SAFE): The skill uses the Bash tool to perform directory creation (mkdir -p). The target path is within the user's home directory (~/projects/) and the folder names are intended to be generated by the agent based on project context, minimizing the risk of arbitrary command injection through the project name.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:44 PM