agents-md
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The skill's workflow in SKILL.md (Step 6) directs the agent to run "smoke checks" for core commands found within audited files, such as dev, test, build, and lint. This behavior allows the execution of arbitrary shell commands defined in local project configuration files, which could be malicious.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, as it ingests and acts upon instructions found in untrusted AGENTS.md files and their variants.
  - Ingestion points: Reading AGENTS.md, CLAUDE.md, and CLAUDE.local.md as specified in SKILL.md.
  - Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the files being audited.
  - Capability inventory: Shell execution of project scripts and file system operations (mv, ln -s, find) as described in SKILL.md and references/quality-criteria.md.
  - Sanitization: Absent; the skill does not validate or sanitize commands before execution.
- [DATA_EXFILTRATION]: The skill is instructed to access sensitive file paths, including the user's global configuration at ~/.claude/CLAUDE.md and project-level .env files, or secret information discussed in AGENTS.md (as noted in references/quality-criteria.md). While this is for auditing purposes, it exposes sensitive data to the agent's context.
Audit Metadata