housekeeping
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The skill explicitly reads ~/.claude/settings.json and ~/.claude/.mcp.json. These files are standard locations for storing sensitive data, including API keys for providers and environment variables for MCP (Model Context Protocol) servers.
- COMMAND_EXECUTION (MEDIUM): The skill uses several shell commands (find, ls, du, cat) to audit the filesystem. While used for discovery here, the 'Interactive Execution' phase (Phase 4) grants the agent the authority to perform destructive actions like deleting configuration files, hooks, and commands.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it ingests data from external sources that could be attacker-controlled, such as CLAUDE.md and custom rules files within a project directory. (1) Ingestion points: cat /CLAUDE.md and find -path '/rules/' -type f. (2) Boundary markers: None present; the skill treats content as data for analysis without isolation. (3) Capability inventory: File reading (cat), directory traversal (find), and implied file deletion/modification in Phase 4. (4) Sanitization: No evidence of sanitization or validation of the content being read from these files.
Recommendations
- AI detected serious security threats
Audit Metadata