copy-skill
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands (`ls`, `mkdir -p`, `cp -r`) to manage and move skill directories within the user's home directory (~/.claude/) and the current project directory (.claude/). These operations are necessary for the skill's primary function of managing agent extensions.
- [PROMPT_INJECTION]: The skill reads the `name` and `description` fields from the frontmatter of `SKILL.md` files located in a cache directory. This data is then formatted and displayed to the user, creating a surface for indirect prompt injection. If a file in the cache contains malicious instructions in its metadata, it could potentially influence the agent's behavior when the listing command is executed.
  - Ingestion points: Reads `SKILL.md` frontmatter from `~/.claude/plugins/cache/product-forge-marketplace/` (SKILL.md).
  - Boundary markers: None explicitly mentioned to wrap the metadata content during display.
  - Capability inventory: Executes `ls`, `mkdir`, and `cp` (SKILL.md).
  - Sanitization: No evidence of sanitization or validation of the metadata content before display.
Audit Metadata