waf-rule-creator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
  • PROMPT_INJECTION (LOW): The skill exhibits a surface for indirect prompt injection (Category 8).
    • Ingestion points: The skill triggers on user requests for 'waf rule creator' patterns and penetration testing advice.
    • Boundary markers: Absent; there are no instructions to the agent to treat input as data rather than instructions.
    • Capability inventory: High-privilege tools including Bash, Write, and Edit are allowed.
    • Sanitization: No sanitization or validation logic is defined in the skill metadata.
  • COMMAND_EXECUTION (LOW): The skill requests permission to use the Bash tool for tasks related to 'Security Advanced' and 'pentesting'. While no malicious commands are pre-authored, the presence of shell access without strict input validation guidelines increases the risk of command injection via malicious user requests.
  • NO_CODE (SAFE): The skill currently contains no executable script files, Python code, or Node.js logic; it is a purely descriptive configuration file.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:24 PM