claude-ecosystem-promoter
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH; PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly susceptible to Indirect Prompt Injection. It is designed to 'Audit readiness' by reading and processing project documentation (README, docs, etc.), which are untrusted data sources.
  - Ingestion points: Auditing of user-provided project files using Read, Glob, and Grep as described in SKILL.md.
  - Boundary markers: Absent; no instructions are provided to the agent to treat audited content as data rather than instructions.
  - Capability inventory: The skill utilizes high-privilege tools including Bash, Write, and Edit, enabling potential command execution and filesystem modification.
  - Sanitization: No validation or sanitization of the content from processed files is implemented.
- COMMAND_EXECUTION (HIGH): The skill requests access to the Bash tool. While intended for developer tasks like repository management, this capability can be weaponized if the agent follows malicious instructions found during the project auditing phase.
- EXTERNAL_DOWNLOADS (LOW): The skill references several external registries and repositories (e.g., modelcontextprotocol/registry, smithery.ai). These references are classified as LOW severity per the [TRUST-SCOPE-RULE] as they point to well-known community resources within the intended scope of the skill.
Recommendations
- AI detected serious security threats
Audit Metadata