Gen Agent Trust Hub audit: analyzing-component-quality
Skill path: skills/c0ntr0lledcha0s/claude-code-plugin-automations/analyzing-component-quality
Result: Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run local Python scripts (quality-scorer.py, effectiveness-analyzer.py, optimization-detector.py) for automated component analysis. The scripts take local file paths as arguments, which is the skill's intended functionality rather than arbitrary command execution.
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection because it processes untrusted third-party component files.
  - Ingestion points: markdown and YAML files read with the Read tool.
  - Boundary markers: the skill gives no explicit instruction to treat commands embedded in analyzed content as data rather than instructions. It does use a structured report template, which constrains the output format but not what the model does with injected text.
  - Capability inventory: Bash, Read, Grep, and Glob.
  - Sanitization: quality-scorer.py parses YAML with yaml.safe_load() and analyzes text with regex, so a crafted file cannot cause arbitrary Python object construction or code execution during parsing. This protects the script only; text that the Read tool places into the model's context is not sanitized by it.