claude-memory-files
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (NO_CODE, PROMPT_INJECTION)
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of markdown documentation and templates. It does not include any Python, JavaScript, or shell scripts.
- [PROMPT_INJECTION] (LOW): Category 8 (Indirect Prompt Injection): The skill defines how the agent should read and obey instructions from external files (CLAUDE.md, .claude/rules/*.md) and file imports (@path). This establishes an injection surface where an attacker controlling project files could influence agent behavior.
  - Ingestion points: Root CLAUDE.md, the .claude/rules/ directory, and recursive imports via the @ symbol.
  - Boundary markers: Absent; there are no instructions for the agent to ignore potentially malicious embedded directives in the ingested project files.
  - Capability inventory: The skill explicitly lists shell command execution (build, test, lint) as a primary use case for these files.
  - Sanitization: Absent; no validation or escaping of the content read from these files is mentioned or implemented.
Audit Metadata