Skills
skills/levnikolaevich/claude-code-skills/ln-004-agent-sync/Gen Agent Trust Hub

ln-004-agent-sync

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill is designed to read from and modify highly sensitive configuration files:
  • ~/.claude/settings.json (Source of truth)
  • ~/.gemini/settings.json (Target)
  • ~/.codex/config.toml (Target)
  • These files are known to store sensitive data such as MCP server authentication tokens, API keys, and private environment variables. While the skill performs local synchronization, the level of access to multiple agent secret stores is significant.
  • [COMMAND_EXECUTION]: The skill executes shell commands to create directory junctions or symbolic links based on paths discovered in the configuration files:
  • Windows: cmd /c mklink /J "{target_path}" "{source_path}"
  • macOS/Linux: ln -s "{source_path}" "{target_path}"
  • Command arguments (paths) are dynamically derived from the local file system and configuration files, which could lead to unexpected behavior if those files are compromised.
  • [PROMPT_INJECTION]: The skill processes data from external files (plugin.json, settings.json) which could potentially contain malicious content if a user has installed an untrusted plugin.
  • Ingestion points: Reads from ~/.claude/settings.json and globbed plugin.json files in the plugins directory.
  • Boundary markers: The skill does not define explicit boundary markers to separate data from instructions during the parsing and merging process.
  • Capability inventory: The skill possesses file system read/write capabilities and the ability to execute OS-level commands (mklink, ln).
  • Sanitization: There is no explicit mention of path sanitization or validation for the inputs extracted from Claude's settings before they are used in shell commands or merged into other configuration files.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 6, 2026, 09:41 AM