claude-md-init
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to automate the generation and maintenance of project documentation. It operates within the project's local environment without external network calls.
- [COMMAND_EXECUTION]: The skill executes a local Node.js script (`generate-claude-md.cjs`) to process templates and configuration. This script uses standard file system operations to read `docs/project-config.json` and write to `CLAUDE.md`. No evidence of arbitrary or remote command execution was found.
- [DATA_EXFILTRATION]: The skill processes infrastructure data from `project-config.json`, including service names and ports. While it includes a placeholder for credentials in the documentation output, it does not access protected system files or exfiltrate any data to external domains.
- [PROMPT_INJECTION]: The instructions in `SKILL.md` contain strict procedural requirements for the AI agent (e.g., mandatory task creation and evidence-based reasoning). These are intended to improve the reliability of the agent's work on the project and do not represent a bypass of safety filters or instructions to ignore constraints.
Audit Metadata