dd
Fail
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: CRITICALCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to manage the local project structure, which includes creating documentation directories and modifying the project's CLAUDE.md file to establish coding guidelines.
- [PROMPT_INJECTION]: By processing user-provided requirements and existing documentation to generate implementation plans, the skill possesses an attack surface for indirect prompt injection; however, this is a low-risk finding inherent to its role as a code assistant.
- [SAFE]: The automated scanner's alert regarding 'profile.md' is identified as a false positive, as the string appears only as a placeholder for a local documentation file path in reporting examples and does not involve any actual remote network requests.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata