mot
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- Command Execution (MEDIUM): The skill uses the
--fixflag to perform active system modifications. - Evidence: It executes
chmod +x .claude/hooks/*.shto change file permissions. - Evidence: It executes
npm run buildwithin the.claude/hooksdirectory, which runs arbitrary scripts defined in the localpackage.json. - Data Exposure (LOW): The skill interacts with the local PostgreSQL database using the
$DATABASE_URLenvironment variable. - Evidence: It runs
psql "$DATABASE_URL" -c "SELECT 1"and other queries to verify the health of the memory system. - Indirect Prompt Injection (LOW): The skill parses multiple local configuration and markdown files, which are potential ingestion points for untrusted data.
- Ingestion points:
.claude/skills/*/SKILL.md,.claude/agents/*.md, and.claude/settings.json. - Boundary markers: None. The skill uses standard Unix utilities (grep, sed, cut) to extract values from these files.
- Capability inventory: File system read/write,
chmod,npm build, andpsqlaccess. - Sanitization: Uses basic string manipulation (xargs, cut) which may not fully protect against malicious content in parsed fields, though the current implementation is largely limited to existence checks and count logs.
Audit Metadata