optimizing-claude-code
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/audit_repo.py executes git commands via subprocess to analyze repository scale and history. These commands use paths derived from the local environment.
- [PROMPT_INJECTION]: The skill processes untrusted content from files like CLAUDE.md to generate reports, creating a surface for indirect prompt injection through extracted metadata and analysis results.
  - Ingestion points: scripts/audit_repo.py reads local repository files and extracts textual information such as heading counts and @import references.
  - Boundary markers: The agent receives a JSON-formatted report, but no explicit boundary markers or instructions are provided to separate untrusted data strings from the agent's system instructions.
  - Capability inventory: The skill enables the agent to edit repository files and execute shell commands to apply suggested improvements when requested by the user.
  - Sanitization: The tool performs structural analysis but does not sanitize or escape the extracted strings (such as filenames or import paths) before they are presented to the agent.
Audit Metadata