skills/jeremylongshore/claude-code-plugins-plus-skills/versioning-strategy-helper/Gen Agent Trust Hub
versioning-strategy-helper
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill lacks security boundaries when processing untrusted data.
- Ingestion points: The skill is designed to process user-provided API designs, OpenAPI specifications, and versioning patterns.
- Boundary markers: Absent; there are no instructions to the agent to treat external data as untrusted or to use delimiters.
- Capability inventory: The skill is permitted to use
Read,Write,Edit, andBash(curl:*), allowing for file manipulation and network requests. - Sanitization: No sanitization or validation of user-provided content is mentioned.
- [Command Execution] (LOW): The skill requests
Bash(curl:*)permissions. While appropriate for the primary purpose of API development and testing, this capability could be abused if the agent is successfully manipulated via an indirect prompt injection attack.
Audit Metadata