Skills
skills/jeremylongshore/claude-code-plugins-plus/twinmind-cost-tuning/Gen Agent Trust Hub

twinmind-cost-tuning

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes data from external TwinMind API endpoints which creates a surface for indirect prompt injection.
  • Ingestion points: references/implementation.md fetches data from /usage and /account endpoints.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the processing logic.
  • Capability inventory: The skill has access to Bash, Write, and Edit tools as defined in SKILL.md.
  • Sanitization: The provided logic does not show explicit sanitization or validation of the data retrieved from the API.
  • [COMMAND_EXECUTION]: The skill provides instructions to execute shell commands for system verification.
  • Evidence: SKILL.md contains a curl command targeting https://api.twinmind.com/v1/health. This is an interaction with the official service domain for health monitoring purposes.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 07:27 PM