ln-004-agent-config-sync

Warn

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [COMMAND_EXECUTION]: Executes shell commands to create directory junctions and symbolic links between agent skill directories.
      • Evidence: Utilizes cmd /c mklink /J for Windows and ln -s for macOS/Linux systems to link plugin directories.
  • [DATA_EXFILTRATION]: Accesses and parses sensitive configuration files that typically store credentials and environment variables.
      • Evidence: Reads ~/.claude.json, ~/.claude/settings.json, ~/.gemini/settings.json, and ~/.codex/config.toml to extract and sync MCP server settings.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection if source configurations or local plugin metadata are modified by a malicious actor.
      • Ingestion points: Reads data from ~/.claude/plugins/*/plugin.json and local agent JSON/TOML configuration files.
      • Boundary markers: No delimiters or "ignore instructions" warnings are applied to the synced data.
      • Capability inventory: Filesystem read/write access and command execution (link creation) as documented in SKILL.md.
      • Sanitization: No sanitization or validation logic is specified for the content of the synced MCP server definitions or plugin manifests.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 19, 2026, 11:00 AM