sc-improve
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- Command Execution (MEDIUM): The skill is configured to execute local Python scripts for validation, specifically mentioning paths such as
.claude/skills/sc-principles/scripts/validate_kiss.py. This represents a risk of executing unverified local code. - Data Exfiltration (MEDIUM): The skill leverages the
mcp__rube__RUBE_MULTI_EXECUTE_TOOLto transmit data to external services including Slack, Jira, and Notion. While designed for reporting, this creates a potential channel for sensitive codebase information to be exfiltrated. - Prompt Injection (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests and processes source code from untrusted directories like
src/. Evidence Chain: (1) Ingestion points: files withinsrc/andapi-endpoints. (2) Boundary markers: Absent from instructions. (3) Capability inventory: File-write access viaEdit/MultiEdit, network access via Rube MCP, and subprocess execution via Python. (4) Sanitization: None mentioned in the behavioral flow.
Audit Metadata