skills/jeremylongshore/claude-code-plugins-plus-skills/code-of-conduct-generator/Gen Agent Trust Hub
code-of-conduct-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (HIGH): Vulnerable to Indirect Prompt Injection. The skill is designed to ingest and process technical documentation (untrusted data) from the file system.
- Ingestion points: Uses
ReadandGrepto access project files, which may contain attacker-controlled content. - Boundary markers: Absent. There are no instructions to the agent to treat external content as data rather than instructions.
- Capability inventory: Grants the agent
Bash,Write, andEdittools. - Sanitization: Absent. No logic is provided to sanitize or validate content before it is processed or used to generate outputs.
- [Command Execution] (HIGH): The skill requests access to the
Bashshell. While no malicious scripts are included in the skill definition itself, the combination of text-processing capabilities and terminal access allows for the execution of arbitrary commands if an indirect injection attack is successful.
Recommendations
- AI detected serious security threats
Audit Metadata