claude-settings-audit
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes directory listing and file search commands (
ls,find) to identify the project tech stack. - [COMMAND_EXECUTION]: Reads the content of project configuration and dependency files (e.g.,
package.json,pyproject.toml,.claude/settings.json) to determine appropriate permissions. - [EXTERNAL_DOWNLOADS]: Recommends the installation of the
@linear/mcp-servervianpx. This targets a well-known service and is documented as a standard integration. - [PROMPT_INJECTION]: Subject to indirect prompt injection as the skill's recommendations are derived from parsing untrusted data within the repository being audited.
- Ingestion points: Dependency files (
package.json,Cargo.toml, etc.) and existing settings files. - Boundary markers: Not present.
- Capability inventory: Limited to read-only bash commands (
ls,find,cat). - Sanitization: No validation of the repository's file content is performed.
Audit Metadata