sandbox-configuration

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process data from the docs-management skill.
  • Ingestion points: Data returned from the docs-management skill based on keyword queries.
  • Boundary markers: Absent. The instructions do not define delimiters for the ingested documentation data.
  • Capability inventory: The skill has access to Read, Glob, Grep, and Skill (allowing it to trigger further tool/skill executions).
  • Sanitization: Absent. There is no mention of escaping or validating the content retrieved from the documentation skill.
  • [Prompt Injection] (SAFE): No malicious override or bypass instructions (e.g., 'ignore previous instructions') were detected. The 'MANDATORY' instruction to invoke another skill is a functional requirement for its purpose.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths (like SSH keys), or suspicious network operations were found. The configuration keys mentioned (e.g., dangerouslyDisableSandbox) are standard configuration parameters for the target tool.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): No package managers (npm, pip) or remote script execution patterns (curl|bash) are present.
  • [Privilege Escalation] (SAFE): The skill discusses OS-level enforcement tools like bubblewrap and Seatbelt but does not attempt to gain unauthorized privileges.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:10 PM