glossary-management

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local TypeScript scripts using the Bun runtime, specifically ~/.claude/tools/bin/glossary-sync.ts and ~/eon/cc-skills/plugins/itp-hooks/hooks/posttooluse-terminology-sync.ts. These scripts are used to synchronize terminology and are part of the intended local developer environment setup.
  • [COMMAND_EXECUTION]: Uses standard Unix utilities including grep for format validation, find for file discovery, and rm for cleaning up stale directory structures.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes content from various CLAUDE.md files and a central GLOSSARY.md file. This ingestion of external data constitutes a potential attack surface if project files contain malicious content designed to exploit the sync scripts.
    ◦ Ingestion points: Files located via SCAN_PATHS (e.g., ~/eon/*/CLAUDE.md) and the central ~/.claude/docs/GLOSSARY.md file.
    ◦ Boundary markers: The skill enforces a strict 5-column markdown table schema and utilizes specific HTML comments (<!-- SCAN_PATHS: ... -->) for configuration.
    ◦ Capability inventory: The skill has permissions for Bash execution, Read/Edit file access, and Grep search operations.
    ◦ Sanitization: Validation is performed through regular expression checks (via grep) and structured parsing within the local TypeScript hooks.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 03:54 AM