meta-audit
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill follows security best practices by limiting its toolset to Read, Glob, and TodoWrite. It performs a read-only audit of local agent configurations and does not perform network operations or execute arbitrary shell commands.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external agent definition files. This is inherent to its role as an auditor and the risk is mitigated by its lack of execution capabilities.\n
- Ingestion points: Reads files from .claude/agents/*.md and .claude/agents/settings.local.json.\n
- Boundary markers: The skill does not implement specific delimiters or 'ignore' instructions when reading file content.\n
- Capability inventory: Operations are restricted to Glob, Read, and TodoWrite.\n
- Sanitization: No specific content sanitization or validation is performed on the ingested markdown data before analysis.
Audit Metadata