claude-settings-audit
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes read-only shell commands (ls, find, cat) to analyze the repository structure and configuration.
- [EXTERNAL_DOWNLOADS]: The skill references documentation and configuration endpoints from well-known services and trusted organizations, including Sentry, GitHub, Linear, and various framework documentation sites such as docs.sentry.io, docs.github.com, and react.dev.
- [PROMPT_INJECTION]: The skill analyzes repository contents to provide recommendations, which creates an attack surface for indirect prompt injection. 1. Ingestion points: Reads local project files including package.json, pyproject.toml, and .claude/settings.json (SKILL.md). 2. Boundary markers: None present to delimit untrusted file content. 3. Capability inventory: Uses discovery tools like ls, find, and cat (SKILL.md). 4. Sanitization: No explicit sanitization or validation of ingested file content is mentioned.
Audit Metadata