devkit-knowledge
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill directs the agent to read files in ~/.claude/ and ./.claude/ as the primary source of truth, establishing an ingestion surface for untrusted data. Evidence Chain:
  1. Ingestion points: Path references to ~/.claude/CLAUDE.md, ~/.claude/commands/.md, and ~/.claude/skills/.
  2. Boundary markers: Absent; the skill does not define delimiters for content ingestion.
  3. Capability inventory: The skill refers to the Task tool and implicit filesystem reading capabilities.
  4. Sanitization: No sanitization or validation of the ingested file content is performed.
- [Data Exposure] (SAFE): The skill identifies the location of global and project-specific configuration files but does not include patterns for unauthorized reading or exfiltration of sensitive data.
- [Privilege Escalation] (SAFE): The documentation suggests the use of chmod +x for troubleshooting hooks, which is a legitimate operational instruction within the context of a developer kit.