skill-toggle

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE [PROMPT_INJECTION] [COMMAND_EXECUTION]
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface. The skill reads and displays data from external files that could contain malicious instructions.
      • Ingestion points: The extract_frontmatter function in scripts/skill_toggle.py reads SKILL.md files from other skill directories in ~/.claude/skills/.
      • Boundary markers: Extracted skill metadata is displayed to the agent in a plain text table without protective delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill uses the Bash tool to execute a Python script that can move directories and modify the user's ~/.claude/settings.json configuration file.
      • Sanitization: The script uses a strict alphanumeric regex to prevent path traversal via skill names, though it does not filter extracted descriptions for instructional content.
  • [COMMAND_EXECUTION]: Local Script Execution. The skill uses the Bash tool to execute its primary logic contained in scripts/skill_toggle.py, which performs filesystem operations and updates configuration files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 24, 2026, 12:30 PM