doctor
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands via Bash to perform system-wide health checks, including file validation, manifest parsing, and hook registration audits. This is consistent with its primary purpose as a diagnostic utility.
- [PROMPT_INJECTION]: Identified an indirect prompt injection surface because the skill reads and potentially displays data from untrusted repository files.
- Ingestion points: Reads frontmatter from SKILL.md files, content from manifests/*.json, and the .claude/memory/decisions.jsonl log.
- Boundary markers: Absent; the skill does not use specific delimiters to isolate external file content from instructions.
- Capability inventory: The skill has access to Bash, Read, Grep, and Glob tools.
- Sanitization: Uses Python's json module for integrity validation, but error reporting may output raw, unescaped content from corrupt lines, which could contain malicious instructions.
- [EXTERNAL_DOWNLOADS]: Recommends the installation of optional dependencies from external sources, including the trusted vercel-labs organization for the agent-browser skill and the agentation-mcp package. These are documented as configuration checks for missing components.
- [DATA_EXPOSURE]: Inspects the environment for the presence of sensitive variables such as TAVILY_API_KEY to verify MCP server configuration. The skill validates the existence of these keys without displaying, logging, or transmitting their values.
Audit Metadata