Skills
skills/vinvcn/mattpocock-skills-zh-cn/setup-matt-pocock-skills/Gen Agent Trust Hub

setup-matt-pocock-skills

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git remote -v to detect the repository origin. This is a read-only operation used to suggest configuration defaults.\n- [SAFE]: The skill reads .git/config and existing project documentation to understand current setups. No sensitive credentials or private keys are accessed, and no data is exfiltrated.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing repository metadata.\n
  • Ingestion points: git remote -v, .git/config, and documentation files like AGENTS.md or CLAUDE.md.\n
  • Boundary markers: None are explicitly used in the templates generated by the skill.\n
  • Capability inventory: Modifies CLAUDE.md or AGENTS.md and writes documentation files to the docs/agents/ directory.\n
  • Sanitization: No sanitization of ingested content is performed before interpolation into the configuration files.\n
  • Mitigation: The skill implements a human-in-the-loop process, requiring the agent to present findings and draft changes for user approval before any file writes occur.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 06:18 AM