reviewing-security

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill explicitly instructs the agent to execute a bash script at ~/.claude/plugins/marketplaces/claude-configs/review/scripts/review-security.sh, a path inside the user's hidden ~/.claude directory. Whatever that script contains runs with the agent's own privileges, so this is arbitrary command execution.
  • [REMOTE_CODE_EXECUTION] (HIGH): Scripts under ~/.claude/plugins/marketplaces/ are plugin content obtained from a marketplace rather than authored in the project, so the skill depends on external code that may have been downloaded at install or run time. Executing such content without pinning or verifying it is a common remote code execution vector.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill utilizes npm audit and yarn audit, which connect to external package registries. Per [TRUST-SCOPE-RULE], these are considered trusted sources for audits, but remain a network-dependent operation.
  • [DATA_EXPOSURE] (HIGH): Multiple grep patterns target sensitive entries, including API_KEY, SECRET, PASSWORD, and TOKEN, within .env files. The matching lines are returned with their values intact, so the credentials land in the agent's context window and in any transcript that records it.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): This is a code review skill that ingests untrusted source code and metadata.
    • Ingestion points: Reads all .ts, .js, .tsx, .jsx, and .env files within a project via Grep and Read tools.
    • Boundary markers: Absent. There are no instructions to the agent to treat the content of files as data rather than instructions.
    • Capability inventory: Possesses Bash and Read permissions; executes a specialized review script.
    • Sanitization: Absent. Data from external files is processed directly by grep patterns and the review script without validation.
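As an added example, not code from the audited skill or from the Gen Agent Trust Hub report: a POSIX shell scan that addresses the DATA_EXPOSURE finding above. It reports which sensitive-looking keys (API_KEY, SECRET, PASSWORD, TOKEN) a .env file defines, and how long each value is, without ever printing the value, so presence can be checked without copying credentials into the agent session. The `.env*` file glob and the `node_modules` exclusion are assumptions about the project layout, not something the report states.

```shell
#!/bin/sh
# Added example for this audit; it is not code from the audited skill or from the
# Gen Agent Trust Hub report. Presence of secrets is reported, values never leave
# the shell.

# redact_env_file FILE
# Prints one line per sensitive-looking KEY=VALUE entry in FILE, as
#   FILE:KEY=<redacted,N chars>
# Comment lines are skipped and an optional leading "export " is stripped from
# the key. Inline "# comment" suffixes after a value are not parsed (assumption:
# the .env files under review do not use them), so they would count toward N.
redact_env_file() {
    file="$1"
    # Key names containing one of the sensitive tokens, matched case-insensitively.
    grep -E -i \
        '^[[:space:]]*(export[[:space:]]+)?[A-Za-z0-9_]*(API_KEY|SECRET|PASSWORD|TOKEN)[A-Za-z0-9_]*[[:space:]]*=' \
        "$file" 2>/dev/null |
    while IFS= read -r line; do
        key="${line%%=*}"
        key="$(printf '%s' "$key" | sed -e 's/^[[:space:]]*//' \
                                        -e 's/^[Ee][Xx][Pp][Oo][Rr][Tt][[:space:]][[:space:]]*//' \
                                        -e 's/[[:space:]]*$//')"
        value="${line#*=}"
        # Trim whitespace and one layer of surrounding quotes so N measures the
        # secret itself rather than its quoting.
        value="$(printf '%s' "$value" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                                            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/")"
        # Only the key name and the value length are emitted.
        printf '%s:%s=<redacted,%d chars>\n' "$file" "$key" "${#value}"
    done
}

# scan_env_tree DIR
# Runs redact_env_file over every .env* file below DIR. The node_modules
# exclusion is an assumption about a typical npm/yarn project layout.
scan_env_tree() {
    find "$1" -path '*/node_modules' -prune -o -type f -name '.env*' -print |
    while IFS= read -r f; do
        redact_env_file "$f"
    done
}
```

A review skill that needs to know whether a project defines credentials can call `scan_env_tree .` and hand the agent only the redacted lines; the raw `grep` patterns the finding describes should never be run with their output fed back into the model's context.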
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:31 PM