onboarding

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to check for and install a plugin.
  • [EXTERNAL_DOWNLOADS]: The skill installs the 'skill-creator' plugin from an external registry using the 'claude plugin install' command.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it takes unsanitized user input and writes it to the 'CLAUDE.md' file, which is automatically read by the agent in future sessions.
    1. Ingestion points: User-provided name, ID, and job description in SKILL.md.
    2. Boundary markers: Absent in the resulting 'CLAUDE.md' file.
    3. Capability inventory: Plugin installation and file modification.
    4. Sanitization: No validation or escaping of user input.
  • [DATA_EXFILTRATION]: The skill stores personally identifiable information, including employee IDs and full names, in the 'CLAUDE.md' file. This poses a data exposure risk as these files are frequently committed to shared version control repositories.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 12:09 AM