statusline-generator
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill includes an installation script that moves a local bash script to the user's home directory (
~/.claude/statusline.sh) and modifies the agent's configuration (settings.json) to execute it. This is standard procedure for statusline customization in this environment. - [DATA_EXPOSURE] (SAFE): The statusline script reads the current username, working directory, and git branch status. This data is used solely for terminal display and is not exfiltrated or sent to unauthorized external endpoints.
- [EXTERNAL_DOWNLOADS] (SAFE): The documentation suggests installing
ccusagevia npm from@anthropic-ai/ccusage. Asanthropicis a trusted organization, this recommendation is considered safe. - [INDIRECT_PROMPT_INJECTION] (LOW): The script ingests untrusted data from the filesystem (directory paths and git branch names) to display in the UI. While this represents a potential surface for terminal-based escape sequence injection, the risk is minimal and inherent to shell prompt customization.
Audit Metadata