claude-command-converter
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its core function is to process and incorporate content from external files into new skill definitions.\n
- Ingestion points: The workflow requires the agent to read command definitions from the
.claude/commands/directory (documented in SKILL.md, Workflow Step 1).\n - Boundary markers: The instructions lack requirements for the agent to use specific delimiters or to ignore any instructional content found within the source files.\n
- Capability inventory: The agent is instructed to read from the source directory and write the resulting skill structure to the
skills/directory (documented in SKILL.md, Workflow Steps 1, 4, and 5).\n - Sanitization: The skill does not provide any steps for sanitizing, escaping, or validating the content extracted from the source files before it is used to generate the new SKILL.md files.
Audit Metadata