skills/jeremylongshore/claude-code-plugins-plus-skills/analyzing-capacity-planning/Gen Agent Trust Hub
analyzing-capacity-planning
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests broad permissions for Bash(cmd:*). While the provided Python scripts (analyze_capacity.py, forecast_capacity.py, and recommend_scaling.py) perform safe operations like computing file sizes and parsing JSON, the underlying bash permission allows for arbitrary system access if the agent is misled.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it reads and processes data from external files that could contain malicious instructions.
  - Ingestion points: Files and directories processed by scripts/analyze_capacity.py and scripts/forecast_capacity.py.
  - Boundary markers: None. The prompt instructions do not specify delimiters to separate untrusted file content from instructions.
  - Capability inventory: The skill has access to powerful tools including Bash, Write, Edit, and Read.
  - Sanitization: No input validation, escaping, or instruction-filtering is implemented in the provided scripts or skill logic.