Apqpppap

Pass

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: LOW | COMMAND_EXECUTION | NO_CODE
Full Analysis

The skill 'Apqpppap' is primarily a documentation and guidance skill for Advanced Product Quality Planning (APQP) and Production Part Approval Process (PPAP). Most of its content is descriptive text, tables, and checklists provided in markdown format across several files.

Threats Detected:

  1. COMMAND_EXECUTION (LOW):
    • SKILL.md (Line 183): ls ~/.claude/skills/Apqpppap/templates/
    • SKILL.md (Line 180): read ~/.claude/skills/Apqpppap/CLAUDE.md
    • SKILL.md (Line 186): read ~/.claude/skills/Apqpppap/reference/gate-checklists.md
    • SKILL.md (Line 189): read ~/.claude/skills/Apqpppap/reference/ppap-forms.md
    • Workflows/PhaseGate.md (Line 16): read ~/.claude/skills/Apqpppap/reference/gate-checklists.md

    These commands are used to display content from local files within the skill's own directory or to list the contents of a local directory. While technically command execution, they are used in a benign, informational context and do not pose a significant security risk. They do not access sensitive system files, perform network operations, or attempt privilege escalation.

No other threats were detected:

  • Prompt Injection: No patterns found that attempt to override AI behavior or bypass safety guidelines.
  • Data Exfiltration: No commands attempting to read sensitive files (e.g., ~/.aws/credentials, ~/.ssh/id_rsa) or send data to external, non-whitelisted domains. Local file references like ~/projects/work/docs/... are within the user's expected project space and are not inherently sensitive for exfiltration purposes.
  • Obfuscation: No Base64, zero-width characters, homoglyphs, or other obfuscation techniques were found.
  • Unverifiable Dependencies: No npm install, pip install, yarn add, or external git clone commands were found. The skill relies on internal references to other skills (e.g., Load Pfmea skill), which is a standard and safe mechanism for AI agents.
  • Privilege Escalation: No sudo, chmod +x, or other privilege-escalating commands were found.
  • Persistence Mechanisms: No attempts to modify .bashrc, crontab, or other system files for persistence.
  • Metadata Poisoning: The skill's metadata (name, description) is clean and accurately reflects its purpose.
  • Indirect Prompt Injection: The skill does not process external user-supplied content (like emails or web pages) in a way that would make it susceptible to indirect prompt injection.
  • Time-Delayed / Conditional Attacks: No conditional logic based on dates, usage counts, or environment variables was found to trigger malicious behavior.

Conclusion: The skill is primarily a documentation and guidance tool. The presence of read and ls commands, while technically command execution, is limited to displaying local, non-sensitive information within the skill's own context. This poses a very low security risk. The skill is largely 'no-code' in its functional aspect, relying on descriptive text.

Audit Metadata

Risk Level: LOW
Analyzed: Feb 13, 2026, 07:56 AM