container-expert
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to analyze untrusted code for best-practice reviews. Ingestion points: user-provided code files accessed via the Read, Grep, and Glob tools. Boundary markers: absent; the instructions do not specify delimiters or warnings to ignore instructions embedded within the reviewed code. Capability inventory: the skill has access to powerful tools, including Bash, Write, and Edit, which could be abused if the agent obeys instructions embedded in the code. Sanitization: absent; no escaping or validation of the reviewed content is performed.
- [COMMAND_EXECUTION]: The skill's 'Memory Protocol' instructs the agent to execute a shell command ('cat .claude/context/memory/learnings.md') to retrieve session context. Although this is used only for state persistence, it still involves direct command execution through the Bash tool.
Audit Metadata