sync-claude-md
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFENO_CODECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill provided consists solely of markdown documentation and does not include any executable scripts, binaries, or code dependencies.
- [COMMAND_EXECUTION]: The documentation describes the use of a CLI command 'samuel' for syncing folder-level instructions, though the tool itself is not provided within the skill.
- [PROMPT_INJECTION]: The skill's primary function is to generate instruction files (CLAUDE.md, AGENTS.md), which constitutes an indirect prompt injection surface. 1. Ingestion points: Scanning of directory structures, file names, and extensions in local project folders. 2. Boundary markers: Utilizes 'Auto-generated by Samuel' markers to identify and manage generated content sections. 3. Capability inventory: The documented workflow involves scanning project contents and writing instruction files. 4. Sanitization: No sanitization or validation logic is present as the skill ships no code.
Audit Metadata