cloning-project
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes common Linux shell commands (ls, cp, mkdir, zip, cat) to manage files. These operations are restricted to the local filesystem (/home/claude/, /mnt/user-data/uploads/, and /mnt/user-data/outputs/) and are necessary for the skill's stated goal of exporting project data.
- [DATA_EXPOSURE] (SAFE): While the skill accesses sensitive project instructions and user-uploaded files, it does so to provide them back to the user in the 'outputs' directory. There is no evidence of data being sent to external or untrusted destinations.
- [INDIRECT_PROMPT_INJECTION] (LOW):
- Ingestion points: The skill extracts content from the active context window (project instructions) and reads files from /mnt/user-data/uploads/.
- Boundary markers: The skill uses markdown and XML markers to identify content for extraction.
- Capability inventory: The skill has the ability to execute bash commands and write files to the output directory.
- Sanitization: The use of a quoted heredoc (<< 'INSTRUCTIONS') in Step 2 is a good practice as it prevents the shell from performing variable expansion or command substitution on the extracted content, mitigating basic injection risks during the file-writing process.