sync-aiblueprint-with-claude
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses Bash tools including cp, diff, ls, and mkdir to perform file operations and directory management within the user's home directory.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted Markdown and script files from a local repository and moves them into the agent's active configuration path without content validation.
  - Ingestion points: All files within $CWD/claude-code-config/.
  - Boundary markers: None; the skill copies the source files verbatim into the target directory.
  - Capability inventory: The skill possesses file write permissions, directory creation capabilities, and the ability to execute shell commands.
  - Sanitization: No sanitization or safety filtering is applied to the content of the files being synchronized.
Audit Metadata