project-claude-organizer
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs multiple file system operations including directory creation, file writing, content appending, and file deletion. While these are gated by user confirmation, they represent a significant capability for modifying the local project environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
  - Ingestion points: It reads content from multiple user-controlled files within the .claude/ directory, specifically from subfolders like commands/, system/, and sops/, as well as files like project.md and readme.md (Step 3b, Step 5.7).
  - Boundary markers: Appended content is preceded by a markdown comment (e.g., ), which provides a structural delimiter but does not prevent the AI from following instructions embedded within the appended text.
  - Capability inventory: The skill can write to ai-context/ files, create new skill files (SKILL.md) in .claude/skills/, and delete source files after migration (Step 5).
  - Sanitization: There is no significant sanitization of the content being moved; only emoji normalization is performed on section headings to facilitate routing logic.
Audit Metadata