install
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill executes
python {SKILL_DIR}/install.pyto perform file system operations. * Evidence: It uses the Bash tool to copy files and create symlinks in system-critical paths like~/.claude/. - PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection through user-supplied installation parameters. * Ingestion points: User input collected via
AskUserQuestionfor tool selection and installation mode. * Boundary markers: None present to isolate user-provided strings from the command template. * Capability inventory: Access toBashfor script execution and file system manipulation. * Sanitization: The process relies solely on the LLM to correctly map indices to names rather than implementing programmatic validation. - PERSISTENCE (MEDIUM): The installer targets global configuration directories, allowing tools to persist across sessions. * Evidence: Installation to
~/.claude/ensures that any code installed by this skill remains available to the agent in all future environments.
Audit Metadata