update-allowed-tools
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill reads external content from target skill files to determine tool requirements. A malicious skill could embed instructions designed to trick the agent into granting excessive permissions.
  * Ingestion points: Read and Grep tools are used on target SKILL.md and sibling files.
  * Boundary markers: Absent.
  * Capability inventory: Edit (modifies files), Bash(find:*), Read, Glob, Grep.
  * Sanitization: Absent.
- [DATA_EXFILTRATION] (LOW): Exposure of sensitive paths. The skill searches and reads from ~/.claude/skills/**, granting the agent visibility into the user's local skill repository and associated metadata.
- [COMMAND_EXECUTION] (SAFE): The skill uses Bash(find:*) for file discovery, which is a restricted and appropriate use for its primary purpose.
Audit Metadata