Skills
skills/jeremylongshore/claude-code-plugins-plus/finding-security-misconfigurations/Gen Agent Trust Hub

finding-security-misconfigurations

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks were detected. The skill's access to configuration files and use of security scanners is aligned with its stated purpose of identifying misconfigurations.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes untrusted configuration data from the local environment. However, the instructions focus on identifying specific security patterns (e.g., OWASP, CIS Benchmarks), which limits the risk of the agent being misled by embedded instructions in the scanned data.
  • Ingestion points: ${CLAUDE_SKILL_DIR}/ (Terraform, YAML, JSON, etc.) in SKILL.md
  • Boundary markers: None explicitly mentioned.
  • Capability inventory: Bash (config-scan, iac-check), Write, Edit across multiple files
  • Sanitization: None explicitly mentioned for input processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 08:04 PM