working-with-claude-code
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill functions by reading local markdown files that describe how to configure and use Claude Code. This creates a surface for indirect prompt injection where instructions embedded in the documentation could influence agent behavior. However, because the documentation is sourced from official Anthropic domains and the skill is intended for technical reference, the risk is categorized as low.
  - Ingestion points: All files in the `references/` directory.
  - Boundary markers: Not explicitly used in the documentation content.
  - Capability inventory: The agent utilizing this skill likely has access to `Bash` and file manipulation tools as part of its primary Claude Code purpose.
  - Sanitization: Content is read as raw markdown without sanitization.
- [External Downloads] (SAFE): The script `scripts/update_docs.js` is designed to download updated documentation. It targets the trusted domain `docs.claude.com` and uses a restrictive regular expression to ensure only markdown files from the expected path are downloaded. It does not execute the downloaded content.