project-context
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill is designed to execute local system commands such as
pwd,git status, andgit logto identify project environments and verify their current state.\n- DATA_EXFILTRATION (LOW): Thereference/projects-list.mdfile andSKILL.mdcontain hardcoded absolute filesystem paths (e.g.,/Users/tmkipper/Desktop/tk_projects/) which expose the host's directory structure and user identity.\n- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) as it ingests data from external project files and interpolates it into the agent context without sanitization.\n - Ingestion points: Reads content from
<project-root>/.claude/PROJECT_CONTEXT.md,CLAUDE.md, andpackage.json.\n - Boundary markers: No delimiters or 'ignore instructions' warnings are used for the ingested content.\n
- Capability inventory: The skill can execute local commands and write files.\n
- Sanitization: No content validation or escaping is applied to the data read from external project files.
Audit Metadata