claude-md-writer
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill analyzes repository files to extract context for documentation, representing an indirect prompt injection surface where adversarial content in analyzed files could influence the agent.
- Ingestion points: Project tech stack, file structure, and existing documentation are analyzed as untrusted input.
- Boundary markers: The skill does not use specific delimiters or instructions to isolate analyzed content from the agent's internal logic.
- Capability inventory: The agent is empowered to write and modify the CLAUDE.md file based on its findings.
- Sanitization: No validation or filtering of content ingested from project files is performed.
- [SAFE]: The skill includes security-conscious guidance by instructing users to never include credentials or environment files in the documentation.
- [SAFE]: No network access, data exfiltration patterns, or unauthorized code execution vectors were detected in the skill scripts or instructions.
Audit Metadata