claude-md-creator
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to create a CLAUDE.md file, which is a persistent context file used by agents to define operational rules and behavior. By ingesting untrusted project content to populate this file, it creates a significant attack surface.
  - Ingestion points: The skill reads project-level metadata and component descriptions as described in WORKFLOW.md Step 2.
  - Boundary markers: Absent. The templates in TEMPLATES.md do not use delimiters or instructions to ignore embedded commands when wrapping content pulled from the project.
  - Capability inventory: File-write access to project-level configuration files that dictate agent behavior.
  - Sanitization: Absent. There is no logic to filter or escape instructions embedded in the analyzed project data, despite the high-trust nature of the resulting file.
- Data Exposure & Exfiltration (MEDIUM): The documented @path/to/file import syntax in TEMPLATES.md and WORKFLOW.md creates a mechanism for sensitive file content to be included in documentation.
  - Evidence: If the agent resolves these import paths while processing an attacker-controlled project file, it may inadvertently leak secrets, environment variables, or private keys into the CLAUDE.md file.
- Persistence Mechanisms (HIGH): Modifying CLAUDE.md acts as a persistence vector. Malicious instructions injected via this skill become a permanent part of the agent's operating context for the workspace across all future sessions.
Recommendations
- AI detected serious security threats
Audit Metadata