claude-permissions-audit
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of external configuration files.
- Ingestion points: Phase 1 scans and reads global and local settings files (~/.claude/settings.json, settings.local.json, and dotfiles).
- Boundary markers: The instructions do not define explicit delimiters or 'ignore' commands to separate the configuration data from the agent's instructions during the audit process.
- Capability inventory: The skill includes high-privilege file-write capabilities in Phase 4, allowing it to modify the agent's core security configuration (permissions).
- Sanitization: There is no mention of validating or sanitizing the data retrieved from the settings files before it is processed and written back to disk.
Audit Metadata