claude-md-authoring
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to create persistent project memory from potentially untrusted codebase content, which can be exploited to influence future agent sessions.
- Ingestion points: The skill uses 'Read', 'Grep', and 'Glob' to ingest data from codebase files (per SKILL.md).
- Boundary markers: Absent. No instructions are provided to help the agent distinguish between valid architectural patterns and malicious instructions embedded in comments.
- Capability inventory: The agent is granted 'Write' and 'Edit' permissions, allowing it to modify the filesystem and create high-trust documentation.
- Sanitization: Absent. There is no validation or escaping of the content extracted from the codebase before it is promoted to the project's permanent instructions.
- Data Exposure (LOW): The guidelines encourage documenting 'non-obvious' patterns including authentication token refresh logic and secret handling, which could inadvertently lead to the documentation of sensitive security-critical implementation details.
Recommendations
- AI detected serious security threats