skill-documentarian
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- Data Exposure & Exfiltration (LOW): The file guides/README.md contains a hardcoded absolute file path (/Users/erichowens/.claude/CLAUDE.md) which exposes the local system username and directory structure of the developer.
- Command Execution (LOW): The skill provides a shell script (scripts/validate-skills-sync.sh) and documentation referencing the use of npm, npx, and git. These tools provide the capability to interact with the local filesystem and version control system as part of the skill's intended documentarian role.
- Indirect Prompt Injection (LOW): Ingestion points: The skill processes artifact.json, transcript.md, and various markdown files within the .claude/skills/ directory. Boundary markers: None. Capability inventory: The skill uses bash scripts and node-based metadata generators to read and validate file contents. Sanitization: None. While the skill ingests untrusted data from artifacts, its current capabilities are limited to validation and reporting, posing minimal risk unless combined with higher-privilege automation.
Audit Metadata