docs(security): clarify defensive examples in CLAUDE.md prompt-injection section #73
Merged
…ion section

Ran AgentShield (ecc-agentshield) against the repo. Project grade is C (64/100), but the bulk of findings are against `.claude/settings.local.json` and `.claude/commands/speckit.*` — files that live entirely outside this repo (`.claude/` is already in .gitignore; `git ls-files .claude/` returns empty). They are the maintainer's local Claude Code session state and shipped plugin skills, not project-tracked configuration.

The remaining CLAUDE.md findings (3 hits at lines 193 and 238) are false positives on the defensive documentation that LISTS the override-pattern examples we DEFEND against. The patterns are in quotes inside an explanatory list — they're not directives.

Add a one-line note under "Prompt Injection Defenses" pointing this out so future scans + auditors aren't confused. The note also tells human reviewers that the scanner output is expected to surface those strings — silence-on-grade is the goal, but the patterns themselves must stay legible for the agent to recognise the threat.

Surfaced by user-requested AgentShield scan + 2026-06-11 audit.
Summary
Ran AgentShield (`ecc-agentshield`) against the repo per the user request. Project grade: C (64/100). The vast majority of findings (46 total) sit against files that don't ship with the repo:

- `.claude/settings.local.json` — maintainer's local Claude Code session state (`.claude/` is already in `.gitignore`; `git ls-files .claude/` returns empty)
- `.claude/commands/speckit.*` — installed plugin skills, not project config

So the published repo is materially unaffected by the AgentShield CRITICAL/HIGH counts.
The remaining hits against tracked files (3 against CLAUDE.md at lines 193 and 238) are false positives: they fire on the defensive list of override-pattern examples the agent is told to DEFEND against, sitting inside the "Prompt Injection Defenses" section. The patterns are in quotes inside an explanatory list — not directives.
Changes
Add a one-line note under "Prompt Injection Defenses" pointing this out so future scans + auditors aren't confused. The note keeps the patterns legible (the agent needs to recognise the threat literals) while flagging the scanner false positive for human reviewers.
Test plan
`go build ./...` clean.

Audit traceability
User-requested AgentShield scan + 2026-06-11 security audit closeout.