integration

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is configured to use the Bash tool to perform system-level updates on artifacts.
      • Evidence: The frontmatter of artifact-updater/SKILL.md explicitly lists 'Bash' as a required tool.
  • [REMOTE_CODE_EXECUTION]: The skill instructions guide the agent to dynamically load and execute logic from local JavaScript files at runtime.
      • Evidence: The workflow in artifact-updater/SKILL.md requires '.claude/lib/creator-commons.cjs' and executes functions from it.
  • [DATA_EXFILTRATION]: The skill performs extensive read operations on sensitive internal directories containing the agent's core instructions and configuration.
      • Evidence: The skill reads from paths like .claude/skills/, .claude/agents/, and .claude/hooks/.
  • [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by using user-supplied descriptions to rewrite the agent's own behavior files.
      • Ingestion points: The '--changes' argument provided in artifact-updater/SKILL.md.
      • Boundary markers: None specified to differentiate user-provided changes from existing artifact logic.
      • Capability inventory: The skill utilizes 'Write', 'Edit', and 'Bash' tools to modify the agent's own environment.
      • Sanitization: No explicit sanitization or validation of the content of the proposed changes is described in the provided code snippets.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 04:22 PM