statusline-edit
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
uname -scommand to detect the operating system and determine the correct file path for the status line script.\n- [COMMAND_EXECUTION]: The skill accesses and modifies local script files (~/.claude/statusline.shor.ps1) using theEdittool. The instructions explicitly restrict the agent to updating only specific boolean variables, which mitigates the risk of arbitrary code injection into the user's shell scripts.\n- [PROMPT_INJECTION]: The skill includes a critical defensive instruction to ignore any user-provided arguments, effectively preventing direct command injection or argument-based exploitation.\n- [PROMPT_INJECTION]: Indirect Prompt Injection Surface:\n - Ingestion points: Reads existing configuration script content from the user's home directory to determine current settings (Phase 2).\n
- Boundary markers: Absent; the agent is directed to read the file content directly without specific delimiters or isolation instructions for the data.\n
- Capability inventory: The agent has capabilities to execute shell commands and modify local files.\n
- Sanitization: The skill relies on pattern matching for
SHOW_*variable assignments, which provides a basic level of structured data extraction but does not explicitly sanitize the entire file content before processing.
Audit Metadata