audit-rules

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes rule files that could contain malicious instructions designed to influence subagent behavior.
      • Ingestion points: The skill reads rule files from .claude/rules/ and ~/.claude/rules/ (SKILL.md).
      • Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are mentioned for the subagent context.
      • Capability inventory: The skill uses Bash, Read, and Task tools, and spawns the memory-component-auditor and audit-finding-validator subagents.
      • Sanitization: No content sanitization or validation of internal text is documented before the subagents process the data.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash and Task tools for environment initialization, file discovery, and coordinating the execution of auditing subagents.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 18, 2026, 09:18 AM
Security Audit — agent-trust-hub — audit-rules