deep-audit

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE; flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run local scripts and documentation tools.
      • Evidence: Runs python3 scripts/check-skill-integrity.py --verbose to perform mechanical parity checks on skill metadata.
      • Evidence: Runs quarto render guide/workflow-guide.qmd to update documentation after changes.
  • [PROMPT_INJECTION]: The skill processes and acts upon the content of numerous files within the repository, creating a surface for indirect prompt injection.
      • Ingestion points: Reads various file types including hooks (.claude/hooks/*.py), scripts (scripts/*.py), rules (.claude/rules/*.md), and documentation (README.md, guide/*.qmd).
      • Boundary markers: No specific delimiters are defined to separate file content from agent instructions during the audit process.
      • Capability inventory: The skill has access to Bash, Write, Edit, and Task tools, enabling it to modify the repository and execute commands based on its analysis.
      • Sanitization: Content from the audited files is processed without explicit sanitization or escaping before being evaluated by the subagents.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 10:26 AM