update-rules
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it processes conversation history to update project instruction files that guide future agent behavior.
  * Ingestion points: The skill analyzes conversation history and code changes using the Read and Grep tools.
  * Boundary markers: The output uses markdown code blocks for updates, but the skill lacks explicit delimiters for processing raw history data.
  * Capability inventory: The skill can modify core instruction files (CLAUDE.md, rules.md) via the Edit tool.
  * Sanitization: The risk is mitigated by explicit instructions to flag conflicts and to designate the user as the final arbiter of all changes.
Audit Metadata