agent-config-audit
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from various workspace configuration files.
  1. Ingestion points: Processes CLAUDE.md, CODEX.md, AGENTS.md, .cursorrules, and other config files using glob and grep (SKILL.md).
  2. Boundary markers: No specific delimiters or warnings are used to isolate the agent from instructions embedded within the audited files.
  3. Capability inventory: The skill has access to Write, Edit, Bash, and Task tools (SKILL.md).
  4. Sanitization: No evidence of sanitization or validation of the content read from workspace files before reporting or applying fixes.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill audits sensitive configuration files such as .claude/settings.json and searches for absolute user paths (/Users/). However, the access is restricted to the local workspace and no network-capable tools (like curl or wget) are requested, significantly reducing exfiltration risk.
- [COMMAND_EXECUTION]: The skill utilizes shell commands (glob, grep) within its workflow to perform file discovery and content analysis across the workspace.
Audit Metadata