system-audit
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it ingests and processes content from numerous external and global configuration files that could be manipulated by an attacker.
- Ingestion points: Reads `~/.claude/CLAUDE.md`, `~/.claude/skills/*/SKILL.md`, and project-level `.claude/projects/*/memory/MEMORY.md`.
- Boundary markers: Absent; the skill lacks delimiters or warnings to ignore instructions embedded within the audited files.
- Capability inventory: The skill possesses the ability to read and write/edit files on the system.
- Sanitization: Absent; content from these files is analyzed and then presented back to the user for potential execution without escaping.
- [Command Execution] (LOW): The skill performs file system write operations based on its analysis of system configuration files.
- Evidence: Step 4 describes '執行清理' (Execute Cleanup) using `Edit` and `Write` commands to modify system instructions.
- Severity Downgrade: The file access and modification are integral to the primary purpose of auditing and cleaning the agent's environment.
Audit Metadata