audit-claude-md
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to search for and ingest project files (e.g., CLAUDE.md, .cursorrules) that contain AI instructions. If these files are manipulated by an attacker, the agent might follow unintended commands during the audit process. \n
- Ingestion points: SKILL.md (Phases 1 & 2) searches for and reads various project context files and documentation. \n
- Boundary markers: The skill lacks explicit delimiters or instructions to the agent to treat audited content strictly as data or to ignore embedded commands. \n
- Capability inventory: The skill utilizes the agent's ability to search, read, and write files (referenced in Phase 5 for saving reports and implementing fixes). \n
- Sanitization: No validation or sanitization of the audited file content is performed. \n- [NO_CODE]: This skill consists solely of markdown instructions and reference documentation. No executable scripts, binaries, or automated code-based hooks are included in the skill package.
Audit Metadata