health-audit
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the dynamic context injection syntax (
!command) to run discovery commands likepwdandfindat load time. These are used safely to determine the presence of project manifest files (e.g., package.json, Cargo.toml) and populate the agent's context with environment details. - [COMMAND_EXECUTION]: The skill uses scoped tools such as
jqto parse local configuration files and theclaude pluginCLI to interface with the plugin marketplace. These operations are restricted to relevant configuration data. - [SAFE]: The skill accesses sensitive local files like
~/.claude/settings.jsonto check for globally enabled plugins. This is consistent with its stated purpose of preventing redundant project-level configurations and does not involve any network exfiltration of this data. - [SAFE]: Remediation and file modification steps include safety measures, specifically the creation of a
.backupfile and mandatory user confirmation checkpoints before any changes are written to the filesystem.
Audit Metadata