config-restore
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script located at
~/.claude/skills/config-restore/scripts/restore.shto perform file operations usingrsyncorcp. - [DATA_EXFILTRATION]: The skill accesses and modifies the
~/.claude/directory. This path is sensitive as it contains the agent's custom behavior definitions, commands, and subagent configurations. - [PROMPT_INJECTION]:
- Ingestion points: The skill ingests untrusted configuration files, commands, and skills from a user-provided source directory (SKILL.md).
- Boundary markers: The instructions include user confirmation prompts for overwriting files, but do not specify boundary markers to isolate or ignore potentially malicious instructions within the restored data.
- Capability inventory: The skill possesses the capability to modify the agent's own logic by writing to the
commands/andskills/directories (SKILL.md). - Sanitization: There is no evidence of sanitization or content validation performed on the files being restored into the agent's configuration.
Audit Metadata