claude-project-setup
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs its described functionality using standard file system tools. No evidence of obfuscation, exfiltration, or unauthorized command execution was found.
- [DATA_EXPOSURE]: Includes a discovery step that prompts users for sensitive file paths to ensure they are added to a denial list in .claude/settings.json, preventing accidental data exposure to the AI model.
- [COMMAND_EXECUTION]: Employs basic Bash commands (e.g., wc -l) for file verification purposes. These operations are transparent and scoped to the project directory.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it reads and optimizes existing CLAUDE.md files which may contain untrusted content. 1. Ingestion points: existing CLAUDE.md and .claude/ directory content. 2. Boundary markers: None explicitly defined in instructions. 3. Capability inventory: Bash, Read, and Write tools. 4. Sanitization: None specified for file content analysis.
Audit Metadata