brownfield

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates several shell scripts and installs them into the local repository's configuration directory.
      • Generates guard.sh, format.sh, stop-quality-gate.sh, and other utility scripts in .claude/hooks/.
      • Configures these scripts as automated hooks in .claude/settings.json to trigger during agent events such as tool execution, file writes, and session termination.
  • [EXTERNAL_DOWNLOADS]: Recommends the installation of several well-known third-party tools to support analysis and project security.
      • Mentions jq, gitleaks, semgrep, and the GitHub CLI (gh).
      • References an external skill from the same vendor (squirrelsoft-dev/agent-skills@workflow) for ongoing workflow automation.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the local repository to facilitate automated configuration.
      • Scripts like analyze-conventions.sh and analyze-git.sh sample source files and git history.
      • The analysis results are used to generate natural-language rules in .claude/rules/, creating an indirect injection surface where content in the repository could influence the analysis logic, although findings are presented for human review before being applied.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 02:31 AM