claude-md-management
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill reads and evaluates user-controlled markdown files which could contain instructions designed to manipulate the agent's behavior during the audit or update phases.
  1. Ingestion points: SKILL.md Phase 1 and 2 read CLAUDE.md, .claude.md, and .claude.local.md.
  2. Boundary markers: Absent; file content is analyzed directly against a rubric.
  3. Capability inventory: Bash, Edit, Read, Glob, Grep.
  4. Sanitization: Absent.
- Data Exposure (LOW): The skill discovery phase (Phase 1) specifically searches for .claude.local.md files. While these are intended for documentation, they are designated for personal/local settings and may expose developer-specific context or non-public patterns to the agent's operational memory.