capability-discovery

Warn

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: Accesses sensitive configuration files located at ~/.claude.json and ~/.claude/plugins/installed_plugins.json. These files often contain sensitive environment configurations and metadata for the user's AI environment which could be exposed during the discovery process.
  • [COMMAND_EXECUTION]: Executes the local script cavekit-tools.cjs using the node runtime to facilitate tool discovery.
  • [PROMPT_INJECTION]: The skill processes untrusted data from local configuration files (.mcp.json) which could influence the behavior of downstream tools like /ck:sketch or /ck:make.
      • Ingestion points: Processes ~/.claude.json, .mcp.json, and installed_plugins.json (SKILL.md).
      • Boundary markers: None explicitly defined for the data parsing phase.
      • Capability inventory: Executes sub-commands via node and performs file system reads.
      • Sanitization: No specific sanitization or validation logic is described for the content of the discovered configuration files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 18, 2026, 09:28 PM