llm-collab
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides shell scripts (bin/llm-collab-adr, bin/llm-collab-devlog, bin/llm-collab-init, bin/llm-collab-session-start) that automate documentation tasks using local tools such as mkdir, cp, and sed. These operations are restricted to the current project directory.
- [PROMPT_INJECTION]: The skill uses imperative directives (e.g., 'Agent MUST load') and functional frontmatter (requires, depends) to guide agent behavior. It also reads project-specific documentation (CLAUDE.md, devlogs, ADRs) during session startup, which serves as a surface for indirect prompt injection if those files are modified by an attacker. No explicit boundary markers or sanitization logic is present for these ingestion points.
- [SAFE]: No network connectivity, hardcoded credentials, or code obfuscation was detected. All identified behaviors are consistent with the skill's primary purpose of maintaining structured documentation.
Audit Metadata