deep-audit
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection due to its recursive processing of untrusted repository data while maintaining high-privilege access.\n
- Ingestion points: Ingests content from multiple locations including
.claude/hooks/*.py,.claude/hooks/*.sh,.claude/skills/*/SKILL.md, and project documentation files.\n - Boundary markers: The workflow lacks specific boundary markers or instructions to isolate the audited content from the agent's logic, which could lead to the execution of instructions embedded within the files.\n
- Capability inventory: The skill is equipped with
Write,Edit,Bash, andTasktools, allowing it to modify code and execute system-level commands based on the findings.\n - Sanitization: There is no evidence of sanitization or strict schema validation for the data ingested from the filesystem before it triggers fixes or command execution.\n- [COMMAND_EXECUTION]: The skill performs shell operations and interacts with executable files as part of its auditing and build processes.\n
- Evidence: Utilizes the
Bashtool to perform documentation rendering tasks such asquarto render.\n - Evidence: Explicitly identifies and modifies logic within executable hook scripts in the
.claude/hooks/directory to enforce code quality standards.
Audit Metadata