Skills
skills/julianobarbosa/claude-code-skills/consulting-design/Gen Agent Trust Hub

consulting-design

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • Dynamic Execution (MEDIUM): The mcp__gemini__ask-gemini tool documentation explicitly identifies a sandbox: true option for code execution. This allows the agent to execute code generated by the LLM at runtime. Although intended for architectural validation and trade-off analysis, executing dynamically generated code is an inherent security risk.
  • Indirect Prompt Injection (LOW): The skill is configured to ingest data from the local environment using Read, Grep, and Glob tools to provide context for the AI.
  • Ingestion points: Local filesystem content read via standard MCP tools.
  • Boundary markers: The provided prompt templates do not utilize delimiters or specific instructions to ignore embedded commands in the context data.
  • Capability inventory: The agent has the ability to execute code (via the sandbox tool parameter) and access the filesystem.
  • Sanitization: There is no evidence of sanitization or filtering of the file content before it is interpolated into the model's prompt.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 05:44 PM