skills/jeremylongshore/claude-code-plugins-plus/assisting-with-soc2-audit-preparation/Gen Agent Trust Hub
assisting-with-soc2-audit-preparation
Warn
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/generate_soc2_report.py` includes a `generate_script` function that programmatically writes bash scripts to the file system and explicitly modifies their permissions to make them executable (`chmod 0o755`).
- [COMMAND_EXECUTION]: The skill's YAML frontmatter allows the use of Bash tools scoped to `audit-collect:*` and `compliance-check:*`, enabling the execution of shell commands for evidence gathering and control assessment.
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted external data sources, such as cloud audit logs, incident response logs, and third-party configuration files. This creates a risk of indirect prompt injection where instructions embedded in the audit evidence could manipulate the agent's behavior. The instructions lack explicit boundary markers or data sanitization requirements for this ingested content.
Audit Metadata