claude-sync
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several shell commands including `git`, `rsync`, `cp`, `test`, and `rm` to validate repository state and perform file synchronization operations.
- [DATA_EXFILTRATION]: The skill accesses and copies files such as `.claude/settings.json` and `.claude/mcp.json`, which often store sensitive credentials, API tokens, and internal environment details. While the operations are local, this represents a potential exposure of sensitive secrets.
- [PROMPT_INJECTION]: The skill presents a risk of indirect prompt injection by copying natural language instruction files (`CLAUDE.md`, skills) from an external source to the target codebase.
  - Ingestion points: Files read from the user-specified `source_path` as described in `SKILL.md`.
  - Boundary markers: No delimiters or protective instructions are used to prevent the agent from obeying instructions embedded in the synced files.
  - Capability inventory: The skill has the ability to perform file writes (`shutil.copy2`) and execute system commands (`git`, `rsync`) within the target repository.
  - Sanitization: No content filtering, escaping, or validation is performed on the data being synced.