Skills
skills/egorfedorov/claude-context-optimizer/cco-claudemd/Gen Agent Trust Hub

cco-claudemd

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local JavaScript analyzer script (claudemd-analyzer.js) using the node runtime. This is the intended behavior for processing project files.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it reads and analyzes content from CLAUDE.md files which could contain malicious instructions.
  • Ingestion points: Reads user-controlled CLAUDE.md files from the project directory.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill definition.
  • Capability inventory: The skill is allowed to use Bash, Read, and Edit tools, allowing for command execution and file modification.
  • Sanitization: No explicit sanitization or validation logic for the ingested file content is defined in the instruction set.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 04:33 PM