blueprint-claude-md

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill employs a bash command using the jq utility to update a project manifest file at docs/blueprint/manifest.json. This command is used to record task completion metadata such as timestamps and run counts.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests content from external PRD and rule files to generate project instructions.
      • Ingestion points: Reads documentation from docs/prds/*.md and .claude/rules/*.md to build the CLAUDE.md content.
      • Boundary markers: There are no explicit boundary markers or instructions used to wrap the ingested content to prevent the agent from following embedded instructions.
      • Capability inventory: The skill utilizes the Bash, Write, and Edit tools for project management.
      • Sanitization: No sanitization process is described for the content extracted from external markdown files before it is written to the instruction file.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 04:17 PM
Security Audit — agent-trust-hub — blueprint-claude-md