sparksatchel
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill downloads pre-trained embedding models from the Hugging Face Hub via the sentence-transformers library. This is a standard and expected behavior for providing semantic search capabilities and utilizes a well-known, trusted service.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The system accesses the local skill directory (~/.claude/skills) to perform health checks and index metadata. It maintains a local SQLite database for usage tracking and success rates. These operations are confined to the local environment and are necessary for the skill's primary function.
- [INDIRECT_PROMPT_INJECTION]: As a retrieval system, the skill ingests user requests to recommend matching tools, presenting an attack surface for indirect prompt injection.
  - Ingestion points: User requests are processed in src/retriever.py to drive the recommendation engine.
  - Boundary markers: None identified in the retrieval prompt logic.
  - Capability inventory: The skill itself does not execute recommended tools; it manages local indexing and database operations.
  - Sanitization: Employs basic regular expression matching for intent and entity extraction in src/analysis/intent.py.
Audit Metadata