discover-capabilities
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
COMMAND_EXECUTION
Full Analysis
- [Command Execution] (INFO): The skill utilizes standard shell utilities (cat, jq, grep, ls) and a project-local CLI (pnpm run cli) for reading and searching project files. These operations are limited to the local environment and are used for information retrieval only.
- [Data Exposure & Exfiltration] (SAFE): No exfiltration patterns or network-based commands (e.g., curl, wget, fetch) were detected. Access is confined to project-specific documentation and source modules, with no access to sensitive system-level credentials or secrets.
- [Indirect Prompt Injection] (INFO): The skill defines a surface for ingesting project-internal data.
  - Ingestion points: .ai/capabilities.json, CLAUDE.md, .claude/skills/
  - Boundary markers: Absent
  - Capability inventory: Read-only shell commands and local semantic search; no file-write, privilege escalation, or network-write capabilities are present.
  - Sanitization: Absent; the workflow assumes project-internal configuration files are trusted assets.
- [Prompt Injection] (SAFE): No instructions attempt to override agent safety protocols, bypass system constraints, or extract internal system prompts.
Audit Metadata