creator-intelligence

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill's primary function is to ingest and act upon instructions found in project-specific CLAUDE.md files.
  • Ingestion points: Root-level and project-level CLAUDE.md files (specifically ~/CLAUDE.md).
  • Boundary markers: Absent; the skill does not define specific delimiters or warnings to ignore instructions embedded within the context files.
  • Capability inventory: The skill is configured to use MCP tools for filesystem (read, write), database (query, insert), and email (send).
  • Sanitization: Absent; no methods for validating or escaping the content of project files are specified.
  • [DATA_EXFILTRATION]: Potential Information Exposure. The skill encourages users to store project architecture, personal preferences, and cross-session "Memory" in Markdown files. Instructing the agent to maintain a global memory file in the home directory (~/CLAUDE.md) creates a high-value target for data harvesting if the agent processes untrusted project data.
  • [NO_CODE]: The skill contains only Markdown instructions and YAML configuration. No executable scripts or binary files are included in the package.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — creator-intelligence