faion-claude-code

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION | COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The mcp-servers/README.md file contains a catalog of third-party MCP servers with installation commands using npx. Many sources are from trusted organizations like Anthropic, Stripe, and Cloudflare, which limits risk per the trust-scope-rule. Third-party packages are presented for user-initiated manual installation.
  • [COMMAND_EXECUTION] (LOW): Documentation describes how to utilize the Bash tool with whitelisting and prefix matching. It also covers the ! prefix for commands in slash commands, which is a core platform feature.
  • [PRIVILEGE_ESCALATION] (LOW): The agents/README.md file documents the bypassPermissions mode. Although it is a high-privilege setting, the documentation explicitly labels it as 'dangerous', providing users with necessary context regarding the security trade-offs.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The documentation defines patterns for interpolating user arguments (e.g., $ARGUMENTS) directly into commands.
      • Ingestion points: commands/README.md (via $1, $2, $ARGUMENTS).
      • Boundary markers: Absent in provided templates.
      • Capability inventory: Full access to Bash, Task, and Write tools as described in agent configurations.
      • Sanitization: No sanitization logic is present in the provided templates.
  • [CREDENTIALS_UNSAFE] (SAFE): The catalog includes setup instructions for numerous services (Google Ads, Meta, Jira, etc.) but consistently uses placeholders like ... or token for API keys and secrets.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:14 PM