claude-md-management
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and evaluates content from documentation files (CLAUDE.md, .claude.local.md, etc.) which could be controlled by an attacker in shared repositories.
  - Ingestion points: Reads repository files and local user configuration (~/.claude/CLAUDE.md) using find and Read tools.
  - Boundary markers: Does not provide instructions to treat the ingested file content as untrusted data or use delimiters to isolate it from the system prompt.
  - Capability inventory: Access to tools like Bash and Edit increases the potential impact of a successful injection.
  - Sanitization: No validation or sanitization of documentation content is performed before processing.
- [COMMAND_EXECUTION]: The assessment rubric encourages the agent to "actually verify" commands found in documentation. This instruction could lead to the execution of malicious shell commands if they are present in the CLAUDE.md files of an audited repository.
Audit Metadata