clean-code
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The 'Verification Scripts' section mandates running multiple Python scripts from the ~/.claude/skills/ directory. Evidence: Found specific commands like `python ~/.claude/skills/vulnerability-scanner/scripts/security_scan.py .` and `python ~/.claude/skills/performance-profiling/scripts/lighthouse_audit.py <url>`. Risk: The skill executes local scripts outside its own package. The use of a `<url>` placeholder represents a potential command injection surface if user-supplied data is passed without sanitization.
- PROMPT_INJECTION (LOW): The skill uses authoritative directives to override standard AI behavior (conciseness vs. explanation). Evidence: Phrases include 'CRITICAL SKILL', 'MANDATORY', and 'VIOLATION: Auto-fixing without asking = Not allowed.'
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes external files and accepts URL parameters while possessing high-privilege tool access (Write/Edit/Subprocess). Evidence Chain: 1. Ingestion points: Local source code files and user-provided URLs. 2. Boundary markers: Absent. 3. Capability inventory: File-write/edit tools and Python script execution. 4. Sanitization: Absent from instructions.
- DATA_EXPOSURE & EXFILTRATION (SAFE): No evidence of hardcoded credentials, sensitive file exfiltration, or unauthorized network requests was found.
Audit Metadata