claude-code-guide
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill documents an attack surface for indirect prompt injection by instructing the agent on how to fetch and process untrusted external data.
  - Ingestion points: The guide demonstrates usage of web_fetch for URL content and window.fs.readFile for local file analysis.
  - Boundary markers: Examples lack explicit delimiters or 'ignore' instructions for the content being processed.
  - Capability inventory: The documented tool has broad capabilities including bash command execution, file writing (Write, Edit), and network requests (fetch).
  - Sanitization: While a 'Security Considerations' section exists recommending code review and least privilege, the provided code snippets do not implement sanitization or validation of external input.
- Data Exposure & Exfiltration (SAFE): The documentation mentions sensitive file paths such as ~/.config/claude/mcp_config.json and .env. However, these are referenced solely for configuration and educational purposes; no scripts are provided to automate the exfiltration of these files.
- Dynamic Execution (SAFE): The skill describes the use of a REPL environment (JavaScript runtime) and MCP servers. These are standard features of the platform being documented and are not used here for malicious obfuscation or hidden execution.