verify-implementation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill's core workflow involves parsing
.claude/skills/verify-*/SKILL.mdfiles and executing the commands found in theirWorkflowsections usingBash. If a malicious skill file is introduced to the repository, this skill will execute its instructions automatically during the verification process. - [INDIRECT_PROMPT_INJECTION] (HIGH): The skill processes untrusted external content with high-privilege capabilities.
- Ingestion points: Reads project files specified in
Related Filesand instructions fromverify-*.mdfiles. - Boundary markers: None. The agent is instructed to parse and follow logic directly from markdown text.
- Capability inventory:
Bashcommand execution,Grep, file reading, and automated file modification (Step 5). - Sanitization: None. The skill does not validate that the parsed 'Bash' commands are safe or restricted to a whitelist before execution.
- [REMOTE_CODE_EXECUTION] (HIGH): While no hardcoded URLs are present, the dynamic parsing and execution of commands from files in the repository allows for a local RCE vector. If an attacker can commit a file to
.claude/skills/, they gain arbitrary command execution when this skill is run. - [DYNAMIC_EXECUTION] (MEDIUM): The skill dynamically generates and applies code fixes (Step 5). While it includes a 'user approval' step, the 'Full Fix' option encourages users to apply AI-generated changes without granular review, which could be exploited by an agent influenced by malicious project data.
Recommendations
- AI detected serious security threats
Audit Metadata