claude-md-enhancer

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes the content of local CLAUDE.md files, which are considered untrusted data.
    • Ingestion points: The skill ingests file content as strings in analyzer.py (via the CLAUDEMDAnalyzer class) and validator.py (via the BestPracticesValidator class).
    • Boundary markers: There are no explicit boundary markers or isolation mechanisms in the code to distinguish between project data and agent instructions.
    • Capability inventory: The skill is granted permissions to Read, Write, Edit, and execute specific Bash commands (ls, find, git).
    • Sanitization: No sanitization or filtering is performed on the ingested content to prevent embedded malicious instructions from influencing the agent's behavior.
  • [COMMAND_EXECUTION]: The skill requests permissions to execute bash commands (ls, find, git) for the purpose of exploring the repository structure during the initialization workflow. These commands are restricted using wildcards (e.g., Bash(git:*)) to limit the scope of execution as a security precaution.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 10:53 AM