link-validator
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute a local Python script (
scripts/validate_links.py) via theuvrunner. This command is scoped to the skill's purpose of validating link portability and does not involve remote code downloads or suspicious execution patterns. - [DATA_EXPOSURE]: The skill documentation and templates reference standard agent directories such as
~/.claude/skills/. These are used as targets for link validation and do not involve the exposure of hardcoded credentials or access to sensitive system configuration files. - [PROMPT_INJECTION]: The skill exhibits an indirect ingestion surface as it reads and processes external markdown files (Ingestion points: markdown files targeted by the user in SKILL.md). While the instructions lack explicit boundary markers to delimit untrusted content, the tool's capabilities (Bash, Edit, Read, Glob) are strictly applied to the task of link remediation. No sanitization logic is visible in the markdown, but the overall risk of instruction obedience is low given the specific utility of the skill.
Audit Metadata