breaking-changes
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and processes external Claude Code API documentation without explicit safety constraints for the ingestion pipeline.
  - Ingestion points: Fetches latest API documentation and changelogs from external sources as described in the detection workflow.
  - Boundary markers: Absent; there are no specified delimiters or instructions to ignore embedded instructions within the fetched documents.
  - Capability inventory: Utilizes subprocess calls for curl, grep, and jq.
  - Sanitization: No sanitization or validation of the fetched external content is described before it is processed by local tools.
- [EXTERNAL_DOWNLOADS]: The skill uses curl -sL to retrieve API surface updates and changelogs. This is a standard operation for the skill's stated purpose of monitoring vendor updates from the Claude Code ecosystem.
- [COMMAND_EXECUTION]: The skill documentation lists the use of grep -rn, jq, and wc -l for analyzing plugin files and assessing impact mapping. These tools are used for their intended purpose of pattern matching and structured data parsing.