settings-management

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill employs a delegation-based architecture that mandates fetching all official configuration rules from a separate trusted skill. This prevents the agent from relying on potentially stale or maliciously modified local documentation.
  • [SAFE]: The auditing framework (audit-framework.md) explicitly defines 'Scope-Aware Credential Detection' logic. This feature is designed to identify and flag sensitive API keys or secrets when found in version-controlled project settings, significantly reducing the risk of accidental data exposure.
  • [SAFE]: The included Python utilities (extract_env_vars.py, generate_schema.py, and validate_schema.py) are transparent developer tools used for maintaining JSON schemas. While they use process execution (subprocess.run), the operations are restricted to internal script orchestration.
  • [SAFE]: The skill provides comprehensive guidance on configuring the Claude Code sandbox and permissions system, including patterns for restricting tool access to specific file paths and commands, which supports secure agent operation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 03:34 AM