boundary
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to read local project files—specifically `CLAUDE.md`, `ARCHITECTURE.md`, and `docs/tool-routing-report.md`—to generate a rule file in `.claude/rules/tool-boundary.md`. All file operations are restricted to the local filesystem, and there are no network requests, external downloads, or command execution patterns identified.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface, as it ingests contents from markdown files to create agent instructions. However, the risk is mitigated by the mandatory prerequisite that the source routing report must be marked with `status: approved` by the developer, ensuring a human-in-the-loop validation process.
- [Ingestion points]: Reads `docs/tool-routing-report.md`, `CLAUDE.md`, and individual `SKILL.md` files from the filesystem.
- [Boundary markers]: The generated output is structured as a standard Markdown file with clear headers and project scope declarations.
- [Capability inventory]: The skill is limited to reading and writing local files and does not have the capability to execute code or access the network.
- [Sanitization]: No programmatic sanitization is performed on the ingested text, relying instead on the manual approval workflow to prevent malicious instruction persistence.
Audit Metadata