claude-oil
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill injects a set of "Execution Contracts" into the project's configuration file that are explicitly labeled as "highest priority" (最高优先级). These instructions command the agent to "execute directly without asking" (直接执行不要询问) for decisions with default values and to "prioritize execution, reporting is secondary" (优先执行,报告次之). These directives are designed to override standard agent safety and confirmation protocols.
- [COMMAND_EXECUTION]: The skill automates the reading and writing of the CLAUDE.md file in the project root. By modifying this file, the skill implements a persistent change to the agent's behavioral logic that lasts across all future sessions in the project, effectively acting as a persistent prompt injection vector.
Audit Metadata