skill-builder
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
updatecommand directs users to fetch an installation script from the author's GitHub repository athttps://raw.githubusercontent.com/odysseyalive/claude-enforcer/main/install. As this is a vendor-owned resource, it is classified as a functional update mechanism. - [REMOTE_CODE_EXECUTION]: Documentation for the
updatecommand provides acurl | bashcommand pattern for users to execute. This is intended for self-updating the tool from the official repository. - [COMMAND_EXECUTION]: The
hooksandledgercommand procedures involve creating local bash scripts and modifying the.claude/settings.local.jsonconfiguration file to wire these hooks into the environment. The skill also describes using commands likechmod +xto manage script permissions. - [PROMPT_INJECTION]: The skill processes other local files such as
CLAUDE.mdand variousSKILL.mdfiles to extract directives and suggest optimizations, which represents an indirect prompt injection surface. - Ingestion points: Reads and greps all
.claude/skills/*/SKILL.mdfiles and the project rootCLAUDE.md. - Boundary markers: Uses structural headings like
## Directivesand blockquote formatting to delimit user instructions. - Capability inventory: Utilizes
TaskCreatefor spawning sub-agents andWrite/Editfor modifying skill files and system configurations. - Sanitization: The analysis does not identify explicit sanitization of input data to prevent the agent from being influenced by malicious instructions embedded in scanned project files.
Audit Metadata