ln-004-agent-config-sync
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes platform-specific shell commands to create directory junctions and symbolic links.
- Evidence: 'cmd /c mklink /J' on Windows and 'ln -s' on macOS/Linux.
- [DATA_EXFILTRATION]: Accesses sensitive local configuration paths that frequently contain API keys, bearer tokens, and environment secrets.
- Evidence: Accesses '
/.claude/settings.json', '/.gemini/settings.json', and '~/.codex/config.toml'. - [PROMPT_INJECTION]: Contains an indirect prompt injection surface by ingesting and processing untrusted data from local configuration and plugin files.
- Ingestion points: Reads 'settings.json', 'config.toml', and 'plugin.json' from multiple local directories.
- Boundary markers: Absent. No delimiters or warnings used when processing external data.
- Capability inventory: Shell command execution (mklink, ln) and filesystem write operations (config file updates).
- Sanitization: Absent. The workflow does not specify validation or sanitization of content read from source files before merging into target configurations.
Audit Metadata