best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to take user-provided prompts as input for transformation. This creates an indirect prompt injection surface (Category 8) where malicious input could attempt to influence the transformation process or the behavior of the subagents.
- Ingestion points: User input provided via the
/best-practicescommand or direct prompt submission. - Boundary markers: The skill uses markdown code blocks and specific synthesis steps, but lacks rigorous sanitization for interpolated user strings in subagent tasks.
- Capability inventory: The skill can read arbitrary codebase files, search via grep/glob, and launch parallel subtasks.
- Sanitization: No explicit sanitization or filtering of the user's input before it is passed to subagents or used in transformation templates.
- [EXTERNAL_DOWNLOADS]: The documentation references official Anthropic and Claude Code documentation domains (code.claude.com, docs.anthropic.com). These are well-known and trusted services for this domain.
- [COMMAND_EXECUTION]: The
codebase-context-builderagent uses standard file system search tools (Glob, Grep, Read) to discover project patterns. This behavior is consistent with the stated purpose of a coding assistant skill.
Audit Metadata