clean-code

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill mandates the execution of numerous Python scripts located in hidden paths (~/.claude/skills/) based on the agent's role. Evidence: The mapping table in 'Verification Scripts' section includes commands such as 'python ~/.claude/skills/api-patterns/scripts/api_validator.py .'. Risk: This pattern executes code from paths outside the skill's own directory, which could lead to arbitrary code execution if those scripts are malicious or have been tampered with.
  • [PROMPT_INJECTION] (MEDIUM): The skill employs 'CRITICAL' and 'MANDATORY' labels and 'VIOLATION' warnings to force the agent to prioritize these instructions over its own internal safety or operational guidelines. Evidence: Use of red circle emojis and phrases like 'Rule: Edit the file + all dependent files in the SAME task' and 'VIOLATION: Running script and ignoring output = FAILED task.'
  • [COMMAND_EXECUTION] (MEDIUM): Inherent risk from combining 'Read', 'Write', and 'Edit' capabilities with instructions to 'Write it directly' and 'Fix it, don't explain', which bypasses standard reasoning steps.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): Mandatory Evidence Chain: 1. Ingestion point: Script output parsing from 'Verification Scripts'. 2. Boundary markers: None present. 3. Capability inventory: 'Read', 'Write', 'Edit' tools are allowed. 4. Sanitization: No sanitization or validation of script output is described before the agent is instructed to 'Fix it'.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:05 AM