verify

Verdict: Warn

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The verify-build and error-recovery skills execute shell commands via the Bash tool to perform builds and tests. This creates a risk of arbitrary code execution if project configuration files like package.json are compromised.
  • EXTERNAL_DOWNLOADS (MEDIUM): The error-recovery skill automatically attempts to install packages using pip install or npm install to resolve dependencies based on error messages. This can be exploited through indirect prompt injection to force the installation of malicious third-party software.
  • PROMPT_INJECTION (LOW): This skill set is susceptible to indirect prompt injection via untrusted data ingested from error logs and review comments.
  • Ingestion points: The error_message variable in error-recovery.md and improvement_suggestions in applying-fixes.md serve as primary entry points for untrusted data.
  • Boundary markers: No specific delimiters or safety instructions are defined in the skill files to separate these inputs from the system instructions.
  • Capability inventory: The agent has access to Bash (command execution) and Edit (file modification) tools, which can be misused if the LLM follows instructions hidden in the data.
  • Sanitization: No input validation, escaping, or filtering is performed on the untrusted strings before they influence tool usage.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 22, 2026, 03:34 PM