hud-manual-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes local shell commands and scripts (e.g., cargo, ps, and custom reset/restart scripts) for application development and verification. These actions are restricted to the local environment and align with the skill's primary purpose.
- [PROMPT_INJECTION] (LOW): The skill contains a vulnerability surface for indirect prompt injection (Category 8) as it reads external data from application logs and configuration files that could be influenced by untrusted inputs. 1. Ingestion points: ~/.capacitor/hud-hook-debug.log, ~/.capacitor/sessions.json, and ~/.claude/settings.json. 2. Boundary markers: Absent. 3. Capability inventory: Local shell command execution, build tools (cargo), and file system operations (cp, rm). 4. Sanitization: Absent.
Audit Metadata