clean-code

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill utilizes high-priority instructional markers (e.g., 'priority: CRITICAL', 'CRITICAL SKILL', 'MANDATORY', '🔴 Rule') and imperative commands to override the agent's standard conversational persona and operational guidelines (e.g., 'Fix it, don't explain', 'Just write code', 'Write it directly').
  • [COMMAND_EXECUTION]: The skill defines a mandatory verification workflow that executes Python scripts from various internal directories (e.g., 'python ~/.claude/skills/api-patterns/scripts/api_validator.py .'). This cross-skill execution pattern relies on external code residing in the agent's file system.
  • [PROMPT_INJECTION]: Indirect Injection Surface: The agent is instructed to read, parse, and summarize output from various validation scripts. This provides an attack surface for indirect prompt injection if script outputs contain malicious instructions that the agent is not instructed to sanitize or escape.
      • Ingestion points: Local file content and script execution output.
      • Boundary markers: None defined for script output processing.
      • Capability inventory: Read, Write, Edit, and Subprocess execution (Python).
      • Sanitization: Absent from processing instructions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 10, 2026, 01:14 AM