claude-code-agents
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- [Category 5: Privilege Escalation] (SAFE): The skill proactively mitigates privilege escalation by instructing users to 'minimize tools', 'start read-only', and 'avoid granting Edit/Write unless required'. It emphasizes 'least-privilege tool selection' as a core design principle.
- [Category 8: Indirect Prompt Injection] (LOW): While the skill facilitates the creation of agents that ingest and process data, it mandates safety guardrails including output contracts, verification steps (checklists/tests), and explicit handoff contracts to minimize the impact of potentially malicious data.
- [Category 2: Data Exposure & Exfiltration] (SAFE): No patterns of sensitive data access or unauthorized network exfiltration were found. The skill focuses on local agent configuration within the .claude/agents/ directory.
- [Category 1: Prompt Injection] (SAFE): The instructions do not contain any bypass markers or attempts to override system constraints; instead, they provide a template for creating predictable and bounded agent behaviors.
Audit Metadata