claude-md-improver
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted context files from the repository. * Ingestion points: SKILL.md (Phase 1) discovers and reads CLAUDE.md, .claude.md, and .claude.local.md files throughout the codebase, including the user's global config at ~/.claude/CLAUDE.md. * Boundary markers: The instructions do not define boundary markers to isolate the audited content from the agent's instructions. * Capability inventory: The agent has access to the Bash and Edit tools and is specifically instructed in references/quality-criteria.md to 'Run documented commands (mentally or actually)' to verify their correctness. * Sanitization: There is no mechanism to sanitize or validate the content of the commands or instructions found in the external files before they are processed.
Audit Metadata