Plugin Settings

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill describes a pattern where content from project-local files is used as instructions or prompts for the AI agent.
      • Ingestion points: Data is read from .claude/*.local.md files within the project directory.
      • Boundary markers: The pattern uses YAML frontmatter delimiters to separate metadata from the markdown body, which is intended for instructions.
      • Capability inventory: Documentation examples demonstrate how to block session termination and inject new prompts into the agent's context.
      • Sanitization: The skill provides explicit security recommendations, such as using jq --arg for safe JSON construction and validating file paths to prevent traversal attacks.
  • [COMMAND_EXECUTION]: Local Utility Operations. Bash scripts and documentation snippets utilize standard Unix tools for configuration parsing and state management.
      • Evidence: Extensive use of sed, awk, grep, and jq for file processing.
      • Evidence: Documentation examples include the use of tmux send-keys for cross-session signaling.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 2, 2026, 12:06 AM