analyzing-projects

Warn

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill uses ls and cat to inspect the local filesystem. While these are read-only operations, they grant the agent visibility into the user's directory structure.
  • [PROMPT_INJECTION] (MEDIUM): Vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted external data.
      • Ingestion points: The skill explicitly reads content from README.md, package.json, requirements.txt, and other codebase files (SKILL.md).
      • Boundary markers: Absent. There are no instructions to the agent to distinguish between its own system instructions and potentially malicious instructions found within the analyzed files.
      • Capability inventory: The skill is designed to find and suggest 'Quick Commands' like Install, Dev, and Test. If a malicious codebase defines a dangerous command (e.g., in a Makefile or package.json), the agent may present it as a valid instruction to the user.
      • Sanitization: Absent. Content extracted from the codebase is directly used to generate a summary report and determine development workflows.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Feb 15, 2026, 09:31 PM