claude-framework

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
Full Analysis
  • Security Analysis (SAFE): No malicious behaviors were detected. The skill focuses on improving code security by defining standards that prohibit hardcoded secrets and encourage input validation and parameterized queries.
  • Command Execution (SAFE): The skill includes shell scripts (init-claude-audit.sh, validate-claude-audit.sh) that perform local file system operations like searching for directories and copying template files. These scripts are intended for developer workflow management and do not exhibit dangerous behavior.
  • Indirect Prompt Injection (SAFE): As a code auditing tool, the skill naturally ingests untrusted code. While this constitutes an attack surface, the risk is inherent to the use case and the provided instructions utilize structured formatting to distinguish between analysis instructions and the code being reviewed.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 04:24 PM