eval-rules
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary purpose is to audit and maintain project-specific and user-level Claude rule files. All operations are designed to be interactive and require user confirmation before any modifications (Edit tool) or deletions are performed.\n- [PROMPT_INJECTION]: The skill processes untrusted markdown content from external rule files, creating an indirect prompt injection surface. However, the risk is assessed as safe due to the skill's design.\n
- Ingestion points: Rule files discovered in
.claude/rules/and~/.claude/rules/are read and parsed.\n - Boundary markers: None present in the instructions to separate rule content from agent instructions.\n
- Capability inventory: The agent has access to
Edit,Bash,Read, andGlobtools.\n - Sanitization: Rule content is analyzed directly without sanitization.\n
- Mitigation: The skill enforces a strict user-in-the-loop workflow, asking for explicit user approval for every change or assessment, which prevents the agent from acting autonomously on potentially malicious instructions embedded in rule files.
Audit Metadata