create-rule
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes existing project instruction files (CLAUDE.md and .claude/rules/) which may contain untrusted data from the repository.\n
- Ingestion points: Phase 4 of SKILL.md reads existing rule files from .claude/rules/ and CLAUDE.md into the agent context.\n
- Boundary markers: Absent. The sub-agent prompts do not include instructions to isolate or ignore potentially malicious instructions embedded in the project files.\n
- Capability inventory: The skill uses Write, Edit, and Bash(mkdir) tools to create or modify local configuration files based on the processed data.\n
- Sanitization: Absent. The skill does not validate or sanitize the content extracted from existing rules before using it to generate and write new rule structures.
Audit Metadata