system-audit

Warn

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses sensitive configuration files, including ~/Library/Application Support/Claude/claude_desktop_config.json, ~/.mcp.json, and ~/.claude/settings.json, which frequently contain authentication secrets and API keys for configured services.
  • [DATA_EXFILTRATION]: Sub-agents perform recursive scans of research project directories in cloud storage, bringing potentially sensitive project data into the agent's context during the audit process.
  • [PROMPT_INJECTION]: The skill exhibits a large surface for indirect prompt injection as it ingests and processes content from various untrusted sources like script headers, skill metadata, and project files.
    • Ingestion points: Reads file contents and metadata across multiple system directories and research projects (Sub-agents 1-6).
    • Boundary markers: None. The prompts do not include delimiters or instructions to ignore embedded commands in the source data.
    • Capability inventory: The skill uses Bash (ls, find, grep, etc.), Read, and Task tools to navigate and extract data from the filesystem.
    • Sanitization: None. Content from scanned files is integrated into reports without validation or escaping.
  • [COMMAND_EXECUTION]: The sub-agents utilize shell commands through the Bash tool to verify system state, count resources, and check the integrity of symlinks across the environment.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 3, 2026, 01:11 PM