claude-permissions
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is intended to review permissions within other skills, agents, and configuration files, which creates an ingestion surface for untrusted data that could influence the agent's behavior. (1) Ingestion points: External skill files, custom commands, and settings.json files reviewed by the agent. (2) Boundary markers: Absent (the skill provides no specific delimiters or warnings to ignore instructions within the files being analyzed). (3) Capability inventory: Read, Write, Edit, Grep, and Glob tools are authorized in the skill frontmatter. (4) Sanitization: Absent.
- Data Exposure & Exfiltration (SAFE): While the documentation mentions sensitive file paths such as ~/.ssh/ and ~/.aws/credentials, it does so exclusively in the context of security recommendations and 'deny' rule examples. No malicious file access or network exfiltration patterns were detected.
- Prompt Injection (SAFE): No direct prompt injection, system prompt extraction attempts, or safety bypass instructions were found in the content.
Audit Metadata