kb-organize

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by extracting metadata from markdown files and interpolating it into the project's CLAUDE.md configuration file.
      • Ingestion points: Processes all .md files in the docs/kb/ directory recursively to read frontmatter (SKILL.md, Steps 2 and 3).
      • Boundary markers: Lacks explicit delimiters or instructions to the agent that the 'tags' and 'scope' content being written to CLAUDE.md is from an untrusted source.
      • Capability inventory: Possesses file write capabilities for CLAUDE.md, _index.md, and _log.md, as well as directory creation and file movement (SKILL.md, Steps 5 and 6).
      • Sanitization: No validation or sanitization is performed on metadata strings before they are appended to the project's central configuration documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 25, 2026, 01:21 AM