Skills
skills/zjfls/zhoujie-claude-skills/skill-system-analyst/Gen Agent Trust Hub

skill-system-analyst

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The tool utilizes child_process.spawn and child_process.exec within lib/doc-generator.js and static-assets/server.js to manage a local documentation server and automate opening the system's web browser. Evidence: spawn('node', [serverScript], ...) and exec("${startCmd} ${url}"). These actions are necessary for the skill's primary function and are constrained to the local environment.\n- [PROMPT_INJECTION] (LOW): The skill possesses a surface for Indirect Prompt Injection (Category 8) because its workflow depends on ingesting and summarizing untrusted data from project repositories.\n
  • Ingestion points: Local codebase files are analyzed using shell utilities like ls, rg, sed, and git.\n
  • Boundary markers: Absent; the skill does not wrap ingested external content in security delimiters to distinguish it from system instructions.\n
  • Capability inventory: The skill has filesystem write access (fs.writeFileSync in lib/doc-generator.js) and can execute local Node.js processes and shell commands.\n
  • Sanitization: The provided JavaScript tools do not perform automated HTML sanitization or XSS filtering, relying instead on instructions within SKILL.md for the AI agent to escape characters manually.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:52 PM