claude-code-guide
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [NO_CODE] (INFO): The skill is composed entirely of markdown documentation. There are no associated scripts (.py, .js, .sh) or executable components that could perform actions on the host system.
- [EXTERNAL_DOWNLOADS] (LOW): The guide recommends installing packages from the '@anthropic-ai' scope via npm. As 'anthropic' is a recognized Trusted GitHub Organization, these downloads are considered safe and the finding is downgraded per trust rules.
- [REMOTE_CODE_EXECUTION] (INFO): The documentation describes the 'claude skills install' command which can fetch skills from arbitrary GitHub repositories. This is a documented feature of the target CLI tool rather than a vulnerability in this guide, though it highlights an inherent risk in the tool's extensibility.
Audit Metadata