meta-skill

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill establishes an Indirect Prompt Injection surface by configuring the agent to dynamically ingest and execute instructions from project-level files.
    • Ingestion points: The agent is directed to read and follow content from SKILLUSE.md and skill-library//SKILL.md on every request matching a description.
    • Boundary markers: Absent. There are no delimiters or safety instructions provided to the agent to treat the loaded skill content as untrusted or secondary to its primary safety guidelines.
    • Capability inventory: The meta-skill has the ability to modify CLAUDE.md (the agent's configuration file), create new skill definition files, and list/edit existing ones.
    • Sanitization: Absent. The skill does not validate or sanitize the natural language instructions or descriptions before they are added to the registry or the matching instructions.
  • [PROMPT_INJECTION]: Persistent instruction modification is achieved by appending a Meta-Skill section to CLAUDE.md. This bypasses the standard initialization process and creates a permanent hook that prioritizes local project files over the agent's base instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 05:27 PM