claude-code-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Vulnerability to Indirect Prompt Injection (Category 8). Ingestion points: scripts/analyze-claude-md.sh reads metadata from package.json and other project files; scripts/analyze.sh reads conversation history files from ~/.claude/projects. Boundary markers: Data is structured as JSON, but the agent interprets it to generate configurations without explicit instructions to ignore malicious embedded text. Capability inventory: The skill uses bash for local analysis and web_fetch for documentation. It writes files to the .claude/ directory. Sanitization: Scripts escape characters for JSON formatting but do not filter semantic instructions.
- [DATA_EXFILTRATION] (SAFE): Accesses sensitive local conversation history as intended by its design. No unauthorized external transmissions detected. Documentation fetches are directed to trusted domains (docs.claude.com, anthropic.com).
Audit Metadata