spec-rules-init
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands including `ls`, `find`, and `pwd` to identify project structures, configuration files (e.g., `package.json`, `tsconfig.json`, `go.mod`), and metadata from installed skills located in `~/.claude/skills/` and `.claude/skills/` for the purpose of convention extraction.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it reads and extracts rules from untrusted project files and external skill definitions to populate its generated templates.
  - Ingestion points: Processes content from user-controllable files like `CLAUDE.md`, `AGENTS.md`, and `SKILL.md` within local and global skill directories.
  - Boundary markers: The extraction logic lacks explicit delimiters or instructions to ignore potential adversarial commands embedded in the source documents being scanned.
  - Capability inventory: The agent can execute shell commands for file system discovery and has permissions to create or modify documentation files (appending to `AGENTS.md` and `CLAUDE.md`) within the project directory.
  - Sanitization: No validation or escaping is performed on the extracted rule text before it is written to the final `coding-rules.md` or appended to convention files.
Audit Metadata