Skills
skills/maxritter/claude-pilot/update-refs/Gen Agent Trust Hub

update-refs

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): High risk of Indirect Prompt Injection due to broad file access and modification capabilities.\n
  • Ingestion points: The skill uses Grep to read content from nearly all file types in the repository (*.{md,py,tsx,json,ts}), including configuration, documentation, and source code.\n
  • Boundary markers: Absent. There are no instructions or delimiters defined to prevent the agent from following malicious instructions found within the data being processed.\n
  • Capability inventory: The skill possesses extensive write capabilities, targeting sensitive files such as install.sh, pyproject.toml, launcher/cli.py, and installer/*.py.\n
  • Sanitization: Absent. There is no validation, escaping, or filtering of the content retrieved during search-and-replace operations.\n- COMMAND_EXECUTION (MEDIUM): The workflow involves executing npm run build and Grep. While standard, these commands could be exploited if the project's build configuration or files were previously compromised through the skill's own update mechanism.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:45 AM