style-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted text samples as input, which creates a surface for indirect prompt injection where malicious instructions could be embedded in the analyzed data.
- Ingestion points: Text files and directories provided by the user via command-line arguments.
- Boundary markers: Not specified in the workflow for separating untrusted content from agent instructions.
- Capability inventory: Execution of internal Node.js scripts and writing data to specific local paths.
- Sanitization: No sanitization or validation of the input text content is mentioned prior to processing.
- [COMMAND_EXECUTION]: The skill invokes local Node.js scripts using the system shell to perform core profiling and memory management tasks.
- Evidence: Execution of '.claude/tools/cli/style-profiler.cjs' for text analysis.
- Evidence: Execution of '.claude/lib/memory/memory-search.cjs' for memory retrieval operations.
Audit Metadata