alignment-review
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill executes bash scripts located in .claude/hooks/ (lint.sh, check-debug.sh). This grants the repository the ability to execute arbitrary code on the agent's host if those files are modified by an attacker.
- PROMPT_INJECTION (LOW): Vulnerable to indirect prompt injection (Category 8) via processed data. The agent reads untrusted content from git diffs and RFC files without sanitization or clear boundary markers. Evidence Chain:
  1) Ingestion points: git diff output, rfcs/ directory files, and project documentation.
  2) Boundary markers: None provided to separate instructions from data.
  3) Capability inventory: Bash (script execution), Read, Grep, Glob.
  4) Sanitization: No sanitization or validation of external content before processing.
Audit Metadata