config-audit
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a static analysis tool for local configuration files. It does not execute external code, perform network requests, or attempt to modify system settings beyond writing an audit report.
- [DATA_EXPOSURE]: The skill reads files from the user's home directory (
~/.claude/) and project root to perform its audit. This file access is restricted to configuration-specific paths and is essential for its stated functionality. - [PROMPT_INJECTION]: As the skill ingests and processes markdown content from potentially untrusted project files, it possesses a surface for indirect prompt injection. However, the skill instructions are procedural and focused on reporting findings rather than acting on embedded instructions. No malicious prompt injection patterns were found in the skill's own instructions.
Audit Metadata