claude-md-improver
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements strong security boundaries by explicitly instructing the agent to avoid accessing private user files like CLAUDE.local.md and prohibiting modifications to system-level managed policy files. All shell commands used for discovery are restricted to the local project environment.
- [PROMPT_INJECTION]: The skill processes untrusted repository files which constitutes an indirect prompt injection surface. However, the skill instructions include specific rubrics and validation checks to ensure quality and adherence to project-specific standards, and it employs a report-first workflow that requires plan approval before edits.
Audit Metadata