claude-update
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill incorporates user feedback and suggestions directly into project documentation and other skills.
- Ingestion points: User feedback and preferences provided during the task (SKILL.md).
- Boundary markers: Absent; no instructions provided to delimit or sanitize user input.
- Capability inventory: Modifies local files including CLAUDE.md and skill definitions in .claude/skills/.
- Sanitization: Absent; the skill lacks validation or escaping mechanisms for user-contributed patterns or rules.
Audit Metadata