reviewing-cc-config
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a restricted bash command `Bash(wc *)` to calculate word counts for token estimation. This is limited to local configuration files and does not present a command injection risk in this context.
- [DATA_EXFILTRATION]: No network tools (such as curl or wget) are included in the `allowed-tools` list. The skill reads local configuration files, including the global `~/.claude/CLAUDE.md`, which is consistent with its stated purpose of auditing configuration quality.
- [PROMPT_INJECTION]: The skill implements automated reviews using sub-agents. While it processes user-provided configuration files which could contain instructions, the primary agent maintains control of the workflow and any edits to the filesystem are gated by user confirmation or a specific command-line argument (`--fix`).
Audit Metadata