docs
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Grep tool to search through documentation files. The use of this tool is restricted to searching local file contents and does not provide a path to arbitrary shell command execution.
- [DATA_EXPOSURE]: The skill instructs the agent to read ../../.claude-plugin/plugin.json to extract a version number. This involves accessing a file outside the skill's immediate directory, which is a path traversal pattern. However, the operation is limited to reading a specific configuration file and does not target sensitive system or user data.
- [PROMPT_INJECTION]: The SKILL.md file contains an 'On load' instruction directing the agent to display a version string. While this overrides default agent behavior during initialization, the instruction is benign and serves an informational purpose without attempting to bypass safety protocols.
Audit Metadata