claude-md-improver
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill reads and evaluates content from potentially attacker-controlled repository files. 1. Ingestion points: Files like CLAUDE.md and .claude.local.md are read using the Read tool as described in SKILL.md (Phase 1). 2. Boundary markers: None identified; file content is analyzed directly against rubrics. 3. Capability inventory: The agent has access to Bash and Edit tools (SKILL.md). 4. Sanitization: The skill does not perform input sanitization, but Phase 4 in SKILL.md requires user confirmation and diff review before changes are applied via the Edit tool.
Audit Metadata