claude-rules-authoring

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (MEDIUM): The skill processes untrusted project data in the form of rule files, whose contents can steer the agent's behavior.
    • Ingestion points: the .claude/rules/ directory and any file pulled in through the @ inclusion syntax.
    • Boundary markers: none; the skill treats the content of these files as authoritative rules rather than as data.
    • Capability inventory: Write, Edit, Read, Grep, Glob tools.
    • Sanitization: no sanitization or validation of included or referenced content is described.
  • Prompt Injection (LOW): The skill uses a custom @ syntax for file inclusion (e.g., @../../shared/rules/). Because the reference is a relative path that may contain .. segments, the mechanism could be used for path traversal to read or include files outside the intended directory if tool constraints are not strictly enforced.
  • Command Execution (LOW): The skill is granted Write and Edit permissions. While intended for rule management, these tools could be used to modify sensitive project files if the agent is misled by malicious instructions in the rule content it ingests.
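A check a practitioner would run against the path-traversal finding, added here as an example and not part of the Trust Hub audit or of the skill's own code: walk a .claude/rules/ tree, extract every @ reference, resolve each one relative to the file that contains it, and report any that land outside the rules directory (after collapsing .. segments and following symlinks). The exact token shape of the @ syntax, the .md extension, and the sample tree are assumptions made for this example.

```python
import re
import tempfile
from pathlib import Path

# Assumed token shape for the skill's @ inclusion syntax: an '@' not glued to a
# preceding word character (so e-mail addresses are skipped), followed by a path.
INCLUDE_RE = re.compile(r"""(?<![\w@])@([^\s`'")]+)""")


def find_includes(text):
    """Return every @path reference found in a rule file body, in order."""
    return INCLUDE_RE.findall(text)


def resolve_include(rules_root, referencing_file, ref):
    """Resolve `ref` relative to the file that contains it.

    Returns (resolved_path, inside_root). Path.resolve() collapses '..'
    segments and follows symlinks, so a link inside the tree that points
    outside it is also reported as escaping.
    """
    root = Path(rules_root).resolve()
    target = (Path(referencing_file).resolve().parent / ref).resolve()
    try:
        target.relative_to(root)
        return target, True
    except ValueError:
        return target, False


def audit_rules_dir(rules_root):
    """Walk rules_root and list every @ reference that escapes it.

    Each finding is (referencing file relative to root, raw reference,
    resolved absolute path).
    """
    root = Path(rules_root)
    findings = []
    for path in sorted(root.rglob("*.md")):
        for ref in find_includes(path.read_text(encoding="utf-8")):
            target, inside = resolve_include(root, path, ref)
            if not inside:
                findings.append((path.relative_to(root).as_posix(), ref, str(target)))
    return findings


def demo():
    """Constructed .claude/rules tree (not from any real project) run through the audit."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / ".claude" / "rules"
        (root / "frontend").mkdir(parents=True)
        (root / "common").mkdir()
        (root / "common" / "naming.md").write_text("# Naming\nUse kebab-case.\n")
        (root / "style.md").write_text(
            "# Style\n"
            "See @common/naming.md\n"                       # stays inside the tree
            "Also apply @../../shared/rules/security.md\n"  # climbs out of .claude/
            "Questions: admin@example.com\n"                # not an include
        )
        (root / "frontend" / "react.md").write_text(
            "# React\n"
            "Follow @../common/naming.md and @../../style.md\n"  # second one escapes
        )
        return audit_rules_dir(root)


if __name__ == "__main__":
    for file, ref, resolved in demo():
        print(f"{file}: @{ref} -> {resolved} (outside rules root)")
```

Running the demo reports two escaping references: @../../style.md from frontend/react.md (which resolves to .claude/style.md, one level above the rules directory) and @../../shared/rules/security.md from style.md. The in-tree references and the e-mail address are not flagged. The same resolve-then-relative_to check is what a tool boundary should enforce before any included file is read.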
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 03:16 AM