working-with-claude-code
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill contains a script
scripts/update_docs.jsused to synchronize documentation fromdocs.claude.com. The script is securely implemented with a restrictive regular expression that limits downloads to markdown files from the official documentation domain. - [COMMAND_EXECUTION] (SAFE): Documentation files (e.g.,
setup.md,cli-reference.md) include examples of shell commands for installing and configuring the tool. These are static examples intended for the user and are not executed by the skill itself. - [CREDENTIALS_UNSAFE] (SAFE): Various documentation files mention sensitive environment variables like
AWS_ACCESS_KEY_IDandANTHROPIC_API_KEY. These are correctly handled as descriptive documentation with placeholders (e.g., 'your-access-key-id') and do not contain hardcoded secrets. - [PROMPT_INJECTION] (SAFE): The skill instructions in
SKILL.mdfocus on guiding the agent to provide accurate documentation and do not include any patterns typical of prompt injection or safety guideline overrides.
Audit Metadata