eval-rules

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary purpose is to audit and maintain project-specific and user-level Claude rule files. All operations are designed to be interactive and require user confirmation before any modifications (Edit tool) or deletions are performed.\n- [PROMPT_INJECTION]: The skill processes untrusted markdown content from external rule files, creating an indirect prompt injection surface. However, the risk is assessed as safe due to the skill's design.\n
  • Ingestion points: Rule files discovered in .claude/rules/ and ~/.claude/rules/ are read and parsed.\n
  • Boundary markers: None present in the instructions to separate rule content from agent instructions.\n
  • Capability inventory: The agent has access to Edit, Bash, Read, and Glob tools.\n
  • Sanitization: Rule content is analyzed directly without sanitization.\n
  • Mitigation: The skill enforces a strict user-in-the-loop workflow, asking for explicit user approval for every change or assessment, which prevents the agent from acting autonomously on potentially malicious instructions embedded in rule files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 10:50 PM
Security Audit — agent-trust-hub — eval-rules