clean-code
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The 'Verification Scripts' section (SKILL.md) instructs the agent to run Python scripts via the shell (e.g., `python ~/.claude/skills/...`). This pattern grants the skill the ability to execute arbitrary local code.
- REMOTE_CODE_EXECUTION (HIGH): The skill attempts to orchestrate the execution of files across different skill directories (e.g., `api-patterns`, `vulnerability-scanner`). This cross-skill execution of Python files represents a high-risk capability if the source files are not strictly validated.
- PROMPT_INJECTION (MEDIUM): The document uses high-pressure directive language ('CRITICAL', 'MANDATORY', 'VIOLATION') to override default agent behavior and enforce a rigid execution loop that includes running external scripts.
- INDIRECT_PROMPT_INJECTION (HIGH): The 'Script Output Handling' instructions require the agent to 'capture ALL output' and 'Parse the output'. This creates an attack surface where a malicious or compromised project file being scanned could produce output that injects instructions directly into the agent's context.
- Ingestion points: Captured stdout/stderr from verification scripts (SKILL.md).
- Boundary markers: None specified for the script output capture process.
- Capability inventory: File 'Read', 'Write', and 'Edit' permissions; shell command execution via `python` calls.
- Sanitization: No sanitization or validation logic is defined for the script output before the agent is instructed to 'parse' and 'summarize' it.
Recommendations
- AI detected serious security threats
Audit Metadata