project-claude-md
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted project data to generate instructions for the agent.
- Ingestion points: The process reads source code files (.c, .h), project configuration (sdkconfig.defaults, justfile), and documentation (README.md, WIRING.md) as specified in SKILL.md.
- Boundary markers: No explicit delimiters or warnings to ignore embedded instructions are provided when reading these files.
- Capability inventory: The skill utilizes Read, Write, Edit, Grep, Glob, and Agent tools.
- Sanitization: There is no evidence of sanitization or validation of the content read from external files before it is interpolated into the generated CLAUDE.md file.
- [DATA_EXFILTRATION]: The skill instructions may lead to the exposure of sensitive data. In the Style Rules section of SKILL.md, the agent is directed to include credential handling and specify what values to set. This practice encourages the documentation of secrets (like WiFi or API keys) in plain text within the project's documentation, posing a risk of credential exposure if the generated file is committed to a repository.
Audit Metadata