claude-md-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it parses untrusted project configuration files and incorporates their content into generated instruction files (CLAUDE.md) for the AI agent.
  - Ingestion points: The script `scripts/detect-project.py` reads data from `package.json` and `requirements.txt` from the current project directory.
  - Boundary markers: Absent; data from project markers is directly interpolated into templates using string formatting in `scripts/generate-claude-md.py`.
  - Capability inventory: The skill possesses the ability to write to the local filesystem and execute internal scripts via `subprocess.run`.
  - Sanitization: Partial; while `scripts/validate-claude-md.py` includes a warning for angle brackets in metadata to prevent HTML injection, it does not sanitize command strings or other project data before they are written to the agent's instruction files.
Audit Metadata