clean-code
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill mandates the execution of several Python scripts for validation, such as 'ux_audit.py' and 'security_scan.py', which are located in the hidden system directory path '~/.claude/skills/'.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted repository files and executes system commands based on that input.
  1. Ingestion points: local source code files.
  2. Boundary markers: absent.
  3. Capability inventory: execution of local Python scripts.
  4. Sanitization: absent.