neat-freak

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a significant attack surface for indirect prompt injection (Category 8). It is designed to ingest and process arbitrary data from the local project and agent environment, which could be controlled by a third party.
      • Ingestion points: In SKILL.md (Step 1), the agent is instructed to use ls, find, and read commands to ingest content from README.md, CLAUDE.md, all files in docs/, and platform-specific memory directories (e.g., ~/.claude/projects/*/memory/).
      • Boundary markers: The instructions lack boundary markers or explicit directives to ignore instructions embedded within the processed documentation files.
      • Capability inventory: The skill explicitly directs the agent to use Edit, Write, and file deletion tools to modify the project structure and agent state (Step 3).
      • Sanitization: There is no evidence of sanitization, validation, or escaping of the content read from external files before it is used to influence the agent's editing actions.
  • [COMMAND_EXECUTION]: The skill utilizes standard shell utilities such as ls, find, and grep (Step 1 and Step 4) to navigate the filesystem and identify documentation that requires synchronization. These commands are used to discover files rather than to execute arbitrary external payloads.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 10:17 PM