evolving-config
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses `WebFetch` to download the Claude Code changelog from `github.com/anthropics/claude-code`. This is a trusted repository belonging to a trusted organization.
- [COMMAND_EXECUTION]: The skill utilizes `Read`, `Write`, `Edit`, and `Glob` tools to manage local configuration files, including `settings.json` and other markdown-based instructions. This is necessary for the skill's primary function of configuration auditing.
- [DATA_EXFILTRATION]: The skill reads potentially sensitive configuration files such as `.claude/settings.json` and `.claude/settings.local.json`. While these files may contain environment variables or project settings, the skill does not exhibit patterns of exfiltrating this data to untrusted external domains. Data is used locally for gap analysis and research queries.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from external sources.
  - Ingestion points: Phase 2 (GitHub changelog) and Phase 3 (Perplexity search results via MCP tool).
  - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are used when processing external content.
  - Capability inventory: The skill has `Write`, `Edit`, and `WebFetch` capabilities, allowing it to modify local files or reach out to the network based on processed data.
  - Sanitization: There is no evidence of sanitization or validation of the fetched data before it is presented in the report or used to suggest configuration changes.
  - Mitigation: The risk is significantly mitigated by the `AskUserQuestion` requirement in Phase 5, which mandates explicit user approval before any changes are applied to the filesystem.
Audit Metadata