claude-md-writer
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references official guidance from Anthropic.
  - Evidence: The `metadata.json` file includes reference URLs to official Anthropic documentation and engineering best practices for Claude Code.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of summarizing project-specific files.
  - Ingestion points: The skill analyzes local files such as `package.json`, `pom.xml`, `Cargo.toml`, `README.md`, and documentation within the `docs/` directory to extract context for generating instructions.
  - Boundary markers: The prompt logic does not explicitly define delimiters or include instructions to ignore potentially malicious embedded commands when reading from these external files.
  - Capability inventory: The skill has permissions to read the repository and write or edit files using `Read`, `Glob`, `Grep`, `Write`, and `Edit` tools.
  - Sanitization: There is no evidence of content validation or filtering of the ingested data before it is incorporated into the generated `CLAUDE.md` file, which directly impacts the agent's future session behavior.
Audit Metadata