claude-md-improver

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill implements strong security boundaries by explicitly instructing the agent to avoid accessing private user files like CLAUDE.local.md and prohibiting modifications to system-level managed policy files. All shell commands used for discovery are restricted to the local project environment.
  • [PROMPT_INJECTION]: The skill processes untrusted repository files which constitutes an indirect prompt injection surface. However, the skill instructions include specific rubrics and validation checks to ensure quality and adherence to project-specific standards, and it employs a report-first workflow that requires plan approval before edits.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:19 AM
Security Audit — agent-trust-hub — claude-md-improver