skills/cerico/macfair/permissions/Gen Agent Trust Hub

permissions

Warn

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: Accesses sensitive security configuration files.
      • Evidence: Reads and writes ~/.claude/permissions.md and ~/macfair/files/claude/settings.json.
      • Impact: Exposure of the agent's permission model and internal configuration.
  • [PRIVILEGE_ESCALATION]: The skill facilitates the modification of its own authorized capabilities.
      • Evidence: Programmatically updates the permissions.allow array in settings.json based on the triage process, allowing the agent to expand its own attack surface.
      • Risk: An attacker could influence the agent to prompt the user to allow malicious tools or patterns.
  • [INDIRECT_PROMPT_INJECTION]: Vulnerability to indirect prompt injection from the triage source file.
      • Ingestion points: ~/.claude/permissions.md (Step 1).
      • Boundary markers: Absent; the skill does not use delimiters when presenting undecided entries to the user.
      • Capability inventory: File-read, File-write (settings.json).
      • Sanitization: Absent; tool descriptions and metadata are presented to the user without filtering.
  • [COMMAND_EXECUTION]: Instructs the user to execute a manual deployment step.
      • Evidence: Instructions tell the user to run make claude to deploy the new permission settings.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 24, 2026, 12:30 PM