claude-code-project-memory
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect prompt injection surface via project memory files.
  - Ingestion points: The agent is instructed to read context and instructions from files like ./CLAUDE.md, ./.claude/CLAUDE.md, and ./.claude/rules/*.md.
  - Boundary markers: No explicit delimiters or boundary markers are defined to separate untrusted repository data from trusted agent instructions within these files.
  - Capability inventory: These memory files directly influence the agent's behavior, conventions, and architectural decisions.
  - Sanitization: The skill recommends manual scans for secrets but lacks automated validation or sanitization for malicious instructions embedded in memory files.
- [COMMAND_EXECUTION] (SAFE): Includes a command to run a local validation script (lint_claude_memory.sh). This is a standard developer tool used for linting project memory files and does not involve remote code or privilege escalation.
Audit Metadata