clean-code
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to execute multiple Python scripts located at paths such as ~/.claude/skills/. This allows for the execution of arbitrary local code that is outside the immediate scope of the skill itself.
- PROMPT_INJECTION (LOW): The instructions use directive language like CRITICAL and MANDATORY to force the agent into a specific persona that avoids explanations (Fix it, don't explain). This is designed to override default conversational guidelines.
- INDIRECT_PROMPT_INJECTION (LOW): The 'Script Output Handling' section requires the agent to 'capture ALL output' and 'parse the output'. This establishes a vulnerability surface where script output could contain instructions that influence the agent's subsequent actions.
- Evidence Chain for Category 8:
  - Ingestion points: File SKILL.md, section 'Script Output Handling'
  - Boundary markers: Absent; no delimiters are used to separate script output from instructions.
  - Capability inventory: Subprocess execution (python) and file editing (Write, Edit tools).
  - Sanitization: Absent; the agent is directed to read and parse the full captured output.
- DATA_EXPOSURE (SAFE): No credentials or sensitive data exfiltration attempts were found in the static content.
Audit Metadata