project-audit
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a consolidated Bash script for project discovery as specified in Dimension 3 and Rule 9. The script is defined as a static template within the skill's own instructions and performs benign, read-only operations such as file existence checks, line counting, and directory listing.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests and processes content from various untrusted project files to perform its audit.
  - Ingestion points: The skill reads contents from `CLAUDE.md`, `ai-context/*.md`, `openspec/config.yaml`, `settings.json`, `analysis-report.md`, and local `SKILL.md` files.
  - Boundary markers: Absent; there are no explicit delimiters or instructions to the agent to disregard malicious instructions that might be embedded within the project files being audited.
  - Capability inventory: The skill uses file reading, globbing, and grep tools. It can write a report to `.claude/audit-report.md` and execute its internal Bash discovery script.
  - Sanitization: No escaping or validation is performed on the content extracted from the files before it is processed by the agent.
Audit Metadata