health-audit
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run system discovery commands including 'find', 'jq', and 'claude plugin list' to identify project technology stacks and current plugin states.
- [DATA_EXFILTRATION]: The skill reads '~/.claude/settings.json' to identify globally enabled plugins. Accessing files in the user's home directory outside of the project root is a sensitive operation that can lead to data exposure.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from project configuration files and marketplace metadata.
  - Ingestion points: Data is read from files such as 'package.json', 'Cargo.toml', 'pyproject.toml', and '.claude/settings.json'.
  - Boundary markers: Absent. The skill does not implement delimiters or instructions to ignore embedded instructions when reading file content.
  - Capability inventory: The agent has 'Write', 'Edit', and 'Bash' capabilities which could be targeted by malicious content within processed files.
  - Sanitization: Absent. There is no logic described to validate or sanitize the data extracted from the filesystem before use in logic or reporting.
Audit Metadata