skill-developer
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs users to run local scripts using `npx tsx` to test hook activation (e.g., `.claude/hooks/skill-activation-prompt.ts`).
- [COMMAND_EXECUTION]: Troubleshooting instructions include the use of `chmod +x` to make bash wrappers executable within the project's hook directory.
- [EXTERNAL_DOWNLOADS]: The guide recommends executing `npm install` within the `.claude/hooks` directory to set up the execution environment for TypeScript hooks.
- [PROMPT_INJECTION]: The system architecture includes a 'UserPromptSubmit' hook that injects context based on user prompts, which serves as a surface for indirect prompt injection.
  - Ingestion points: The UserPromptSubmit hook (documented in `HOOK_MECHANISMS.md`) ingests user prompts to match against patterns in `skill-rules.json`.
  - Boundary markers: Output is formatted with graphical separators to distinguish injected context from user input.
  - Capability inventory: The architecture supports injecting context into the prompt and blocking file-editing tools (PreToolUse hook).
  - Sanitization: No explicit sanitization or input validation logic for user prompts is described in the implementation guide.
Audit Metadata