claude-settings-audit
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard bash commands including `ls`, `find`, and `cat` to perform repository reconnaissance and identify project dependencies. These operations are read-only and consistent with the skill's auditing purpose.
- [EXTERNAL_DOWNLOADS]: The instructions reference documentation domains and MCP servers from well-known and trusted providers such as Sentry, GitHub, and Linear. These references are provided as configuration recommendations for the user and do not involve unauthorized or automated downloads.
- [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection because it processes data from the repository being audited. However, it effectively mitigates this risk through a comprehensive 'Important Rules' section that strictly limits recommendations to read-only commands and explicitly forbids state-modifying actions.
Audit Metadata