agent-auditor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes the Bash tool to execute `ls` and `wc` commands. These are standard system utilities used appropriately for the skill's primary purpose of file discovery and size estimation.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted data from project files and uses it to drive logic and tool execution.
  - Ingestion points: The skill reads metadata and directory names from `.claude/agents/*.md` and `.claude/skills/`.
  - Boundary markers: Absent. There are no delimiters or instructions to ignore potential commands embedded within the audited agent files.
  - Capability inventory: The skill possesses the capability to execute shell commands via the Bash tool (`ls`, `wc`).
  - Sanitization: Absent. The skill extracts directory names (skill-names) and interpolates them directly into shell commands (e.g., `wc -c ~/.claude/skills/<skill-name>/*.md`). If a project contains a directory name with shell metacharacters (e.g., `; rm -rf / ;`), it could lead to command injection when the auditor is run against that project.
Audit Metadata