who-we-are

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill reads untrusted project data (CLAUDE.md) and presents it to the agent. This creates a high-risk surface for indirect prompt injection as the agent has active shell execution capabilities. Ingestion points: CLAUDE.md. Boundary markers: None. Capability inventory: uname, pwd, date, and version checks. Sanitization: None.
  • COMMAND_EXECUTION (MEDIUM): The skill performs system reconnaissance using shell commands to identify OS, shell versions, and installed CLI tools. Evidence: Execution of uname, pwd, and version checks for Claude Code and other tools.
  • DATA_EXFILTRATION (MEDIUM): The skill exposes local system metadata and user-identifiable information. Evidence: The pwd command reveals full file system paths which often include the local operating system username. Environment variables like $SHELL and $TERM_PROGRAM are exposed, providing configuration details about the host environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:36 PM