context-management
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs project analysis by reading standard configuration files like package.json, Cargo.toml, and pyproject.toml. This is used to identify the project stack and coding conventions without exposing sensitive data.
- [SAFE]: File writing is restricted to project documentation (CLAUDE.md), scoped rule files (.claude/rules/), and local agent memory stores (~/.claude/projects/). The skill includes an explicit constraint to show diffs before overwriting any existing files.
- [SAFE]: No network exfiltration, remote code downloads, or arbitrary command executions were identified. The skill only identifies project-related commands (e.g., test, build) for inclusion in the project documentation.
- [SAFE]: Although the skill processes untrusted project data (like README.md) to generate rules, it lacks dangerous capabilities such as network access or subprocess execution that would be required to exploit an indirect prompt injection surface.
Audit Metadata