Skills
skills/davepoon/buildwithclaude/ops-dash/Gen Agent Trust Hub

ops-dash

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes dynamic context injection via the ! syntax in SKILL.md to execute the ${CLAUDE_PLUGIN_ROOT}/bin/ops-dash shell script automatically when the skill is loaded.
  • [COMMAND_EXECUTION]: The skill bypasses the disallowedTools restriction on the Write tool by using Bash to modify configuration files (preferences.json, registry.json) using output redirection and the mv command.
  • [DATA_EXFILTRATION]: The skill contains logic to export system configuration to the local file system (~/.claude-ops-setup.md), copy system metadata to the clipboard, and open external URLs to share data on X (Twitter).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: preferences.json and daemon-health.json. Boundary markers: None. Capability inventory: Bash execution and Agent team management. Sanitization: No validation or escaping of the ingested JSON data is performed.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 29, 2026, 06:48 AM