best-practices-researcher
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands (e.g., `bundle show`) for repository exploration when native file tools are insufficient.
- [EXTERNAL_DOWNLOADS]: The skill is designed to perform online research using web search and external tools (Context7 MCP) to fetch documentation and community standards.
- [DATA_EXPOSURE]: The instructions direct the agent to search for and read `SKILL.md` files in sensitive locations, including user home directories (`~/.claude/skills/`, `~/.codex/skills/`), which may contain private implementation details or project-specific logic.
- [INDIRECT_PROMPT_INJECTION]: The skill processes instructions from potentially untrusted sources (third-party skill files and external websites) and incorporates them into its own behavioral logic.
  - Ingestion points: Reads `SKILL.md` files from project subdirectories (`.claude/skills/`, `.agents/skills/`) and user home directories (`~/.claude/skills/`), and fetches content from external documentation sites.
  - Boundary markers: Absent. The instructions do not explicitly tell the agent to ignore or delimit instructions found within the processed files.
  - Capability inventory: Has access to shell execution, file reading, and file searching tools.
  - Sanitization: Absent. There is no evidence of validation or filtering of the content extracted from external skills before it is synthesized into recommendations.
Audit Metadata