skills/c0ntr0lledcha0s/claude-code-plugin-automations/researching-best-practices/Gen Agent Trust Hub
researching-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute local analysis scripts (
check-practices.py,security-audit.sh) using Bash and Python to perform code quality evaluations and security audits. - [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data, which presents an indirect prompt injection surface.
- Ingestion points: The skill reads local files via
Read,Grep, andGlobtools, and fetches external web content usingWebFetchandWebSearchas part of its research methodology inSKILL.md. - Boundary markers: Absent; the instructions do not specify delimiters or instructions for the agent to disregard embedded commands within the analyzed data.
- Capability inventory: The agent is granted capabilities to execute system commands (
bash), run Python code (python), and perform network requests (WebFetch,WebSearch). - Sanitization: No sanitization or escaping of external content is mentioned before the data is processed or used in decision-making. However, this risk is inherent to the skill's primary purpose of code auditing.
Audit Metadata