reclaude
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill relies on processing untrusted data from project files such as CLAUDE.md and package.json.
  - Ingestion points: Reads CLAUDE.md, package.json, Makefile, and justfile.
  - Boundary markers: Absent. No instructions are provided to distinguish between document text and potential embedded commands.
  - Capability inventory: Step 2 explicitly directs the agent to find and add verification commands to be run by the agent, which presents a risk if the source files are maliciously crafted.
  - Sanitization: None.
- [Data Exposure & Exfiltration] (LOW): The skill instructs the agent to read local project files and interact with user-level configuration paths (~/.claude/skills/), though no network exfiltration mechanism is included in the skill.