ln-614-docs-fact-checker
Warn
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the Bash tool to run verification commands like ls, grep, and sed. These commands are constructed using variables such as path, pkg, VAR, and name, which are extracted directly from documentation files within the audited codebase.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Mandatory evidence chain:
  1. Ingestion points: All .md files discovered in the project (SKILL.md Phase 2).
  2. Boundary markers: None specified.
  3. Capability inventory: Bash, Grep, Glob, Read (SKILL.md frontmatter).
  4. Sanitization: No explicit escaping or validation of extracted claim values before shell interpolation is provided in the instruction set.
- [EXTERNAL_DOWNLOADS]: The skill fetches configuration and reference markdown files from the author's GitHub repository (levnikolaevich/claude-code-skills) if they are missing from the local environment.