Claude Code Guide
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- No Code (SAFE): The skill is composed strictly of Markdown documentation and configuration templates. There are no executable files (.py, .js, .sh) or automation scripts provided.
- Prompt Injection (SAFE): The guide mentions using phrases like "forget previous instructions" as a debugging technique to clear context. In this informational context, it is a benign recommendation for manual user interaction and not a malicious injection attempt.
- Indirect Prompt Injection Surface (LOW): The documentation encourages creating a
CLAUDE.mdfile to guide agent behavior. This defines an attack surface where the agent ingests instructions from project files. - Ingestion points:
CLAUDE.mdfile in the root directory. - Boundary markers: None specified in the template.
- Capability inventory: The template includes instructions for the agent to run shell commands (
npm run dev,npm test). - Sanitization: No sanitization or validation methods are mentioned for the content of the configuration file. (Note: Verdict downgraded to SAFE as this is the primary intended purpose of the documentation).
Audit Metadata