skill-review
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides and executes shell commands for file system maintenance, including 'find' to locate broken symlinks, 'rm' and 'ln' to repair directory structures, and 'git' for version control. These commands are targeted at the user's local skill directories (~/.agents/skills/ and ~/Code/joelhooks/joelclaw/skills/) and are consistent with the skill's primary purpose of inventory management.\n- [PROMPT_INJECTION]: The skill implements a 'Monthly deep review' process that involves reading the content of other skills (SKILL.md) and comparing them against system documentation (AGENTS.md). This ingestion of external data creates a surface for indirect prompt injection.\n
- Ingestion points: The process reads SKILL.md files from the canonical skills repository and the AGENTS.md ground-truth file.\n
- Boundary markers: No specific delimiters or safety instructions are described to separate the audited content from the auditor's instructions.\n
- Capability inventory: The agent has the ability to modify the local file system (rm, ln, mkdir), commit changes to git, and send events via the joelclaw CLI tool.\n
- Sanitization: The documentation does not specify sanitization or validation of the ingested skill content before it is processed by the LLM for the deep review report.
Audit Metadata