claude-project-manifest
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: The skill is documentation-based and does not provide any executable code or request any tool permissions. It focuses on project organization and knowledge mapping through YAML and JSON templates.
- [SAFE]: The guidelines in 'references/annotation-guidelines.md' and the manifest templates explicitly include security warnings, advising users to use environment variables for secrets instead of storing them within manifest files.
- [SAFE]: Python code snippets provided as workflow integration examples in 'references/workflow-integration.md' demonstrate secure practices, such as using 'yaml.safe_load()' to avoid vulnerabilities associated with untrusted data deserialization.
- [NO_CODE]: The skill folder contains only markdown documentation, YAML/JSON schemas, and template files. No functional scripts or binaries are distributed with the skill.
Audit Metadata