hub
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like
jq,pwd, andmvto manage its registry. It properly usesjq --argto prevent injection vulnerabilities by treating user-supplied names and notes as data rather than executable code. - [PROMPT_INJECTION]: An indirect prompt injection surface exists via the reading of data from
~/.claude/hubs/registry.json. - Ingestion points:
~/.claude/hubs/registry.json. - Boundary markers: None present.
- Capability inventory: File system access via bash (jq, mv, pwd, date).
- Sanitization: Uses safe jq parameter binding for storage, but does not sanitize content before displaying it to the agent.
Audit Metadata