best-practices-audit
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from the project's CLAUDE.md file, which could contain malicious instructions designed to influence the agent's behavior during the audit or ship phase.\n
- Ingestion points: Reads the project root CLAUDE.md and associated documentation files in the docs/ directory.\n
- Boundary markers: No specific delimiters or boundary markers are defined to isolate untrusted content in the prompt context.\n
- Capability inventory: The skill can read and write files, restructure documentation, and execute shell commands to open HTML reports.\n
- Sanitization: The skill implements a strict sanitization process for dynamic parameters used in shell commands, including a character whitelist and the use of end-of-options markers to prevent flag injection.\n- [COMMAND_EXECUTION]: The skill executes system commands (open or xdg-open) to display visual audit reports to the user. This behavior is mediated by a multi-step sanitization logic that checks for shell metacharacters and enforces a strict naming schema for the file path.
Audit Metadata