skills/ngmeyer/skills/claude-md/Gen Agent Trust Hub

claude-md

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill includes a dedicated 'Secret Scan' phase that proactively searches for sensitive data such as API keys (including Stripe, OpenAI, and Anthropic), authorization tokens, and database connection strings. This functionality is intended to identify and help remediate accidental credential exposure in project documentation.
  • [COMMAND_EXECUTION]: The skill leverages local Unix utilities including 'bash', 'find', 'grep', and 'wc' to locate files within specified project directories and perform content analysis. These operations are standard for auditing tasks and do not involve the execution of untrusted external scripts.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes the content of 'CLAUDE.md' and 'AGENTS.md' files found within user projects. While these files are external data sources, the skill is structured to audit their content against a fixed rubric rather than execute them as instructions, mitigating the risk of obedience to embedded malicious prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 11:36 AM