usage-audit
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is potentially vulnerable to indirect prompt injection as it is designed to ingest and analyze the content of local instruction files (CLAUDE.md, SKILL.md, RULE.md) which are user-controlled or project-specific. An attacker who can influence these files could embed malicious instructions to manipulate the agent during the audit process.
- Ingestion points: The skill reads files from the project root, the .claude/ directory, and the user's home directory (~/.claude/).
- Boundary markers: No specific delimiters or "ignore instructions" wrappers are used when processing the text from these files.
- Capability inventory: The skill possesses the capability to modify project settings and instruction files if the user accepts the offered fixes.
- Sanitization: No sanitization is performed on the content of the rules or instructions being audited.
- [COMMAND_EXECUTION]: The skill performs widespread file system read operations across the user's Claude Code configuration and local skill repository. It also offers to automate modifications to settings.json and permissions.deny. While these are high-privilege operations, they are explicitly limited to the configuration files relevant to the skill's stated purpose of environment auditing.
Audit Metadata