clean-code
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute multiple Python scripts using the
pythoncommand from paths residing in separate skill directories (e.g.,python ~/.claude/skills/api-patterns/scripts/api_validator.py .). This pattern represents the execution of code from unverified local sources that are not part of the skill's own package, posing a significant risk of arbitrary code execution if those paths are compromised. - [PROMPT_INJECTION]: The "Script Output Handling" instructions expose the agent to indirect prompt injection risks.
- Ingestion points: The agent is instructed to capture and parse all raw output from external scripts (documented in the 'Verification Scripts' section).
- Boundary markers: Absent. There are no delimiters or instructions to treat script output as untrusted data, increasing the risk that the agent may follow instructions embedded within that output.
- Capability inventory: The agent has the capability to read/write files and execute subprocesses (Python commands).
- Sanitization: Absent. The skill provides no mechanisms for sanitizing or validating script output before summarizing it for the user or using it to decide on further actions.
Recommendations
- AI detected serious security threats
Audit Metadata