claude-md-management
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from CLAUDE.md files (SKILL.md, Phase 2). This ingestion surface could be exploited via indirect prompt injection to influence the agent's assessment or behavior.
- Ingestion points: The skill reads CLAUDE.md, .claude.md, and .claude.local.md files from the repository.
- Boundary markers: The agent is directed to follow a specific scoring rubric in references/quality-criteria.md to maintain focus.
- Capability inventory: The skill utilizes Edit (file write) and Bash (command execution) tools.
- Sanitization: The workflow enforces a reporting phase and requires explicit user confirmation before any modifications are applied (Phase 4).
- [COMMAND_EXECUTION]: The skill instructs the agent to verify whether commands found in documentation actually work, either 'mentally or actually' (references/quality-criteria.md). While intended for quality validation, executing untrusted commands found within repository files represents a security risk. Additionally, the skill uses a restricted find command via the Bash tool for file discovery.
Audit Metadata