claude-code-learning
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill's primary function is educational, providing users with guidance on project configuration and best practices for the Claude Code ecosystem. All identified behaviors align with its stated purpose as a development aid.
- [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection because the 'setup' action is designed to analyze and process project-level files such as 'CLAUDE.md' and '.mcp.json'.
  - Ingestion points: The skill reads external configuration files ('CLAUDE.md', '.mcp.json', and the '.claude/' directory) during project analysis.
  - Boundary markers: There are no explicit instructions or delimiters provided to prevent the agent from obeying instructions that might be maliciously embedded within those project files.
  - Capability inventory: The skill is granted powerful capabilities including 'Bash', 'Write', 'Edit', 'Read', 'Grep', and 'Glob'.
  - Sanitization: No explicit sanitization or validation of the ingested project data is described in the skill's logic.
- [COMMAND_EXECUTION]: The skill facilitates the use of the 'Bash' tool to configure environment variables (e.g., 'CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS') and manage development hooks (e.g., 'pnpm format'). This execution is documented as a core feature for project automation and optimization.
Audit Metadata