kw-code-cleanup

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes standard development commands npm run lint and npm outdated to analyze code health within the project environment.
  • [COMMAND_EXECUTION]: Invokes a local CLI tool (gsd-tools.cjs) belonging to the 'Get Shit Done' workflow from the user's home directory ($HOME/.claude/get-shit-done/bin/) to add new milestone phases.
  • [PROMPT_INJECTION]: Detected a surface for indirect prompt injection where the agent processes external tool output.
      • Ingestion points: Output generated by the npm run lint and npm outdated commands in Step 2 of the workflow (SKILL.md).
      • Boundary markers: No specific delimiters or safety instructions are used to separate the tool output from the agent's instructions.
      • Capability inventory: The agent has the capability to execute a local management tool (gsd-tools.cjs) that modifies the project roadmap and file structure (SKILL.md).
      • Sanitization: There is no evidence of sanitization or filtering of the diagnostic tool output before presentation to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 12:17 PM