B
85/100 First Seen
Feb 18, 2026
Last Scanned
Feb 20, 2026
Findings
1
Score
85/100
HIGH 1
Findings (1)
HIGH
Self-modifying agent instructions
L373 Detects skills that write or promote content into agent instruction files
Append the Quick Reference section to
.claude/CLAUDE.md FIX
Remove or restrict the skill's ability to modify CLAUDE.md or agent configuration files. Self-modifying agent configurations can be exploited for persistent attacks.
FP?
Likely FP if the skill is a project management tool where updating CLAUDE.md is an intended workflow feature (e.g., appending project notes), though the risk remains.