coding-standards

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local commands yq and php -l to provide functionality.
      • The SessionStart hook uses yq to read .coding_standards from .claude/config.yaml.
      • The PostToolUse hook uses php -l to check the syntax of PHP files after they are edited.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it reads and displays content from project files.
      • Ingestion points: .claude/config.yaml (read by yq) and any PHP file edited (processed by php -l).
      • Boundary markers: None present; the skill outputs configuration data directly to the agent's context.
      • Capability inventory: The skill has command execution capabilities via hooks defined in SKILL.md.
      • Sanitization: No explicit sanitization or instruction-ignoring delimiters are used for the echoed output from yq.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 16, 2026, 12:52 AM