tracking-model-versions

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, NO_CODE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requests broad Bash(cmd:*) permissions to perform version control and model management tasks, which is a high-privilege capability.
  • [NO_CODE]: Documentation in scripts/README.md references model_registry_client.py and performance_logger.py, but these files are not included in the provided skill package, which may lead to execution errors if invoked.
  • [PROMPT_INJECTION]: The skill processes external model configuration files and user-provided metadata, representing a potential surface for indirect prompt injection.
  • Ingestion points: User requests and model configuration files (e.g., YAML/JSON) processed via scripts/version_control.sh.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the instruction set.
  • Capability inventory: The agent is granted Bash, Write, and Edit permissions in SKILL.md.
  • Sanitization: No explicit validation or sanitization logic is present in the provided Python-based script.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 11:05 AM