ai-md
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes bash scripts for token counting and managing backups of system instruction files. These commands involve reading from and writing to the ~/.claude/ directory.
- [DATA_EXFILTRATION]: Documentation examples suggest patterns for the AI to perform network operations, such as using curl to fetch data to verify claims.
- [PROMPT_INJECTION]: The skill defines a structured methodology intended to override default AI behavior to ensure higher compliance with custom rules. It also defines a surface for indirect prompt injection by ingesting untrusted instruction files.
  - Ingestion points: Reads configuration from ~/.claude/CLAUDE.md and related markdown files.
  - Boundary markers: Employs XML-style tags and structured labels to delimit instructions.
  - Capability inventory: Includes file system access and shell command execution.
  - Sanitization: There is no evidence of sanitization or filtering of the content within the ingested instruction files.
Audit Metadata