Skills
skills/haidang1810/skill-evolver/skill-health/Gen Agent Trust Hub

skill-health

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Node.js script using the path ${CLAUDE_PLUGIN_ROOT}/scripts/health.mjs. This involves a subprocess call to the node runtime using environment variables for path resolution.
  • [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by processing external data.
  • Ingestion points: User input is accepted via $ARGUMENTS and passed to the shell command. The output of the script is then returned to the agent.
  • Boundary markers: There are no boundary markers or delimiters defined to isolate the script's output from the agent's instruction set.
  • Capability inventory: The skill has the capability to execute JavaScript files locally via Node.js.
  • Sanitization: There is no evidence of sanitization for the input arguments or the resulting script output, which the agent is explicitly told not to modify or summarize.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 08:17 AM