reclaude
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and process the content of user-provided CLAUDE.md files.
  - Ingestion points: The agent reads the content of project files including CLAUDE.md, package.json, Makefile, and justfile (referenced in SKILL.md).
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard instructions embedded within the files being refactored.
  - Capability inventory: The skill's primary function involves file reading and text processing to suggest documentation improvements; it does not directly execute code or access network resources.
  - Sanitization: No sanitization or escaping of the ingested file content is performed prior to processing.
Audit Metadata