claude-md-progressive-disclosurer
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines shell scripts for the agent to execute, performing tasks like file backup (
cp), reading from git history (git show), and verifying file references (grep,test). These scripts are correctly implemented to avoid command injection by using quoted variable expansions. - [INDIRECT_PROMPT_INJECTION]: The skill's core functionality involves reading and reorganizing content from
CLAUDE.mdand other documentation files. This creates an attack surface where malicious instructions within the documentation could influence the agent. - Ingestion points: Untrusted content is read from
CLAUDE.mdanddocs/references/*.md(SKILL.md). - Boundary markers: None identified; the skill processes chunks of text based on markdown headers.
- Capability inventory: The agent can read/write local files and execute shell commands (
grep,git,sed) to perform the optimization. - Sanitization: No sanitization or filtering is applied to the content being processed.
- [SAFE]: No external network connections, unauthorized data exfiltration, or remote code execution patterns were detected. The skill's operations are confined to the local environment and intended project files.
Audit Metadata