claude-settings-audit

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Uses basic, non-destructive system commands such as ls, find, and cat to inspect project directory structure and identify the development environment.
  • [EXTERNAL_DOWNLOADS]: Recommends the use of documentation from trusted organizations and well-known services (Sentry, GitHub, Linear, etc.) and suggests official MCP server configurations for Sentry and Linear.
  • [DATA_EXFILTRATION]: Accesses project metadata and local configuration files, including dependency lists and .sentryclirc, to categorize the technology stack. This data is processed locally to provide recommendations to the user and is not transmitted to external entities.
  • [PROMPT_INJECTION]: Ingests untrusted data from repository files (Indirect Prompt Injection surface). The skill mitigates this risk by providing the agent with strict rules to only recommend read-only, state-neutral commands and to ignore custom or high-risk scripts.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 12:27 PM