check-onboarding

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION

Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill analyzes local source code, creating a surface where malicious content within those files could theoretically influence the AI's audit report.
      • Ingestion points: Local .ts and .tsx files (via SKILL.md).
      • Boundary markers: Absent. The skill does not use specific delimiters to separate code content from its report instructions.
      • Capability inventory: Shell execution is limited to find, grep, wc, and tr. No file-write or network-access capabilities were detected across the skill's scripts.
      • Sanitization: None. The skill reports findings based on raw string matches found in the code.
  • [COMMAND_EXECUTION] (SAFE): The skill uses bash blocks to execute grep and find for static analysis. These commands are used for their primary intended purpose and follow safety best practices, such as excluding node_modules and redirecting errors to /dev/null.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:25 PM