errors
Warn
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a Python script at
.claude/scripts/analyze_errors.pyand various shell scripts located in.claude/hooks/. Because the source code for these scripts is not provided within the skill package, their behavior cannot be verified, posing a risk of arbitrary command execution. - [EXTERNAL_DOWNLOADS]: The documentation encourages the global installation of the
portlessutility usingnpm i -g portless. This introduces an external dependency from a third-party registry that is not audited as part of the skill. - [DATA_EXFILTRATION]: The skill implements an error collector that logs tool names, input commands, and error messages to
.claude/logs/errors.jsonl. This mechanism may capture and store sensitive information, such as credentials or private data included in failed command arguments, in a file that the agent is subsequently instructed to read. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing untrusted data from error logs.
- Ingestion points: The agent reads and analyzes historical error data from
.claude/logs/errors.jsonl. - Boundary markers: The skill lacks delimiters or protective instructions to prevent the agent from following malicious commands embedded within captured error messages.
- Capability inventory: The skill utilizes
Read,Bash, andGreptools, which could be exploited if an attacker-controlled process generates error messages designed to manipulate the agent's logic. - Sanitization: There is no evidence of filtering or sanitizing error messages or tool inputs before they are processed by the analysis scripts.
Audit Metadata