clean-code
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The 'Verification Scripts' section contains a table of Python commands (e.g., `python ~/.claude/skills/vulnerability-scanner/scripts/security_scan.py .`) that the agent is forced to execute upon task completion. These scripts reside in external paths that are not part of the current skill package.
- REMOTE_CODE_EXECUTION (MEDIUM): By instructing the agent to execute scripts from absolute paths in the user's home directory (`~/.claude/skills/`), the skill introduces a vulnerability where an attacker could place malicious scripts in those locations to gain code execution when the agent attempts to 'verify' its work.
- PROMPT_INJECTION (LOW): The skill uses high-pressure directives like 'CRITICAL', 'MANDATORY', and 'VIOLATION' to force the agent to bypass standard behavior, such as providing explanations or tutorials, and instead 'Just write code'.
- DATA_EXPOSURE (LOW): The instructions require the agent to 'capture ALL output' from external scripts and summarize it for the user. If an external script reads sensitive configuration or environment data, this output handling could inadvertently leak that information into the user session.
Audit Metadata