Skills
skills/melodic-software/claude-code-plugins/audit-agent-consolidation/Gen Agent Trust Hub

audit-agent-consolidation

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash and Task tools to scan the filesystem for agent definitions located in plugins/ and .claude/agents/ directories.- [COMMAND_EXECUTION]: The --execute argument enables an interactive mode that modifies files to apply consolidation plans, though it incorporates a safety measure requiring explicit user confirmation for each operation.- [PROMPT_INJECTION]: An indirect prompt injection surface exists because the skill ingests data from external agent markdown files and passes it to a subagent (agent-consolidation-analyst) for analysis.\n
  • Ingestion points: Agent configuration files and YAML frontmatter found in plugin and project directories.\n
  • Boundary markers: Not explicitly implemented in the logic.\n
  • Capability inventory: Access to Bash and Task tools.\n
  • Sanitization: No specific filtering or sanitization of external configuration data is documented.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 04:21 AM