claude-md-drift-audit

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's instructions direct the agent to interpolate user-provided input ($ARGUMENTS) directly into shell commands, such as git log --since="$ARGUMENTS days ago". This creates a potential command injection vector if the input is not strictly validated or sanitized by the underlying agent platform.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it ingests untrusted data from the repository's git history and documentation files and processes them without sanitization or explicit boundaries.
  • Ingestion points: The skill reads CLAUDE.md files, *.claude/rules/*.md files, git log output, and dependency manifest files (e.g., package.json, requirements.txt).
  • Boundary markers: None present. The instructions do not define delimiters or instruct the agent to ignore instructions embedded in the audited data.
  • Capability inventory: The skill uses Read, Glob, Grep, and restricted Bash commands (git, find) to interact with the file system and project metadata.
  • Sanitization: No sanitization or validation of the ingested content is performed before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 24, 2026, 10:09 AM
Security Audit — agent-trust-hub — claude-md-drift-audit