Plugin Settings

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface. The skill defines a pattern where agents read and adapt behavior based on instructions stored in .claude/*.local.md files. This ingestion of project-local data creates a surface where an attacker with write access to the project directory could influence the agent. The skill (SKILL.md, references/parsing-techniques.md) explicitly recommends sanitization and validation to mitigate this risk.
  • [COMMAND_EXECUTION]: Shell command execution. The skill includes utility scripts (scripts/parse-frontmatter.sh, scripts/validate-settings.sh) and example hooks (examples/read-settings-hook.sh) that use bash and standard tools like sed, awk, and grep to process configuration files. These scripts are part of the intended configuration-driven workflow but involve executing logic based on parsed file content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 07:31 PM