learn
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
lsandgrepto list and search for files within the.claude/skills/directory for management purposes.\n- [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface (Category 8) by extracting and persisting session-derived information.\n - Ingestion points: Processes discoveries, workflows, and session history into a new SKILL.md file.\n
- Boundary markers: Absent; the template for skill extraction does not use specific delimiters to isolate potentially untrusted session data.\n
- Capability inventory: File listing, searching, and writing within the project's local directory structure.\n
- Sanitization: Includes a 'Quality Gate' check that explicitly instructs the agent to verify no sensitive information (credentials or personal data) is included in the output.
Audit Metadata