personalize-skills

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Finding tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill instructs the agent to perform file system operations (scan and write) within the ~/.claude/skills/ directory. This grants the agent the capability to modify its own configuration and instruction files.
  • [PROMPT_INJECTION] (LOW): As a tool that modifies other instruction files, it is vulnerable to indirect prompt injection. If a user provides malicious instructions as a value for a placeholder (e.g., setting [YOUR_NAME] to an instruction to ignore safety rules), those instructions would be persisted into other skills.
      • Ingestion points: User input collected via interactive prompts.
      • Boundary markers: None; the skill uses direct string replacement.
      • Capability inventory: File system write access to the agent's skill directory.
      • Sanitization: No validation or escaping is performed on the user-provided strings before they are written to the skill files.
  • [DATA_EXPOSURE] (LOW): The skill explicitly handles Personally Identifiable Information (PII) such as names and email addresses. This data is stored in plain text within the skill files on the local file system.
  • [SAFE] (SAFE): No evidence of obfuscation, remote code execution, or unauthorized network activity was found. The skill operates as a high-level orchestration of agent capabilities rather than providing its own executable scripts.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 01:20 AM