wizard
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Bash scripts to manage a project-specific configuration file (
.claude/ru-config.json). The scripts usejqwith the--argflag to safely handle user-provided strings, preventing shell injection vulnerabilities. - [DATA_EXFILTRATION]: Analysis of the Bash scripts confirms that file operations are restricted to the local project directory. No network requests or access to sensitive user credentials (e.g., SSH keys, AWS configs) were detected.
- [PROMPT_INJECTION]: The instructions focus purely on configuring work categories (e.g., bug fixes, performance) and do not contain any patterns intended to bypass safety filters or override system-level instructions.
- [EXTERNAL_DOWNLOADS]: The skill does not download any external packages or remote scripts; all logic is contained within the provided markdown file.
Audit Metadata