skills/spillwavesolutions/grading-claude-agents-md-agentic-skill/grading-claude-agents-md/Gen Agent Trust Hub
grading-claude-agents-md
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes `CLAUDE.md` and `AGENTS.md` files from the user's project, which creates a surface for indirect prompt injection where malicious instructions embedded in these files could override agent behavior during analysis.
  - Ingestion points: Project configuration files (`CLAUDE.md`, `AGENTS.md`).
  - Boundary markers: No delimiters or ignore instructions are used when reading the files.
  - Capability inventory: The skill can read/write files and execute shell commands.
  - Sanitization: No sanitization is applied to the input content.
  - Mitigation: The skill enforces a human-in-the-loop approval process before any changes are committed to the filesystem.
- [COMMAND_EXECUTION]: The skill instructs the agent to perform shell operations such as file size measurement (`wc`), directory listings (`ls`), and project-specific tasks (`npm test`, `pnpm build`) as part of its grading and validation workflow.