Skills
skills/tommyxchow/ai/statusline-install/Gen Agent Trust Hub

statusline-install

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill demonstrates a surface for indirect prompt injection by processing and displaying external data without explicit sanitization.
  • Ingestion points: Metadata fields such as .model.display_name, .cost.total_cost_usd, and .context_window.total_input_tokens defined in SKILL.md.
  • Boundary markers: Absent; the skill interpolates data directly into the status line string.
  • Capability inventory: The skill requires the ability to write to ~/.claude/settings.json to persist the configuration.
  • Sanitization: Not present; the instructions do not specify escaping or validation for the data sources before they are rendered in the terminal.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:43 PM