skills/ywj3493/claude-skills/sync-dev/Gen Agent Trust Hub

sync-dev

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection vulnerability. The skill reads markdown files from the filesystem and processes their content for translation. If these files contain malicious instructions disguised as documentation, the AI might inadvertently follow them during the translation phase.
      • Ingestion points: English source files in docs/specifications/, docs/issue/, and docs/policy/ (Step 4.1).
      • Boundary markers: None specified. The agent reads the file "completely" without delimiters to separate documentation content from instructions.
      • Capability inventory: Execution of find, git log, file reading, and file writing to the docs/dev/ directory.
      • Sanitization: No sanitization or validation of the input file content is performed before processing.
  • [COMMAND_EXECUTION] (SAFE): The skill utilizes find and git log to audit the project state. These commands are restricted to metadata retrieval and file discovery within specified documentation directories, matching the skill's stated purpose.
      • Evidence: Shell commands in Step 1 and Step 2 are used solely for file listing and timestamp comparison.
  • [EXTERNAL_DOWNLOADS] (SAFE): Although an automated scanner flagged requirements.md as a malicious URL, manual inspection confirms this is a local file path (docs/specifications/requirements.md) and not a remote network request.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 02:14 PM