config-restore

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local shell script located at ~/.claude/skills/config-restore/scripts/restore.sh to perform file operations using rsync or cp.
  • [DATA_EXFILTRATION]: The skill accesses and modifies the ~/.claude/ directory. This path is sensitive as it contains the agent's custom behavior definitions, commands, and subagent configurations.
  • [PROMPT_INJECTION]:
  • Ingestion points: The skill ingests untrusted configuration files, commands, and skills from a user-provided source directory (SKILL.md).
  • Boundary markers: The instructions include user confirmation prompts for overwriting files, but do not specify boundary markers to isolate or ignore potentially malicious instructions within the restored data.
  • Capability inventory: The skill possesses the capability to modify the agent's own logic by writing to the commands/ and skills/ directories (SKILL.md).
  • Sanitization: There is no evidence of sanitization or content validation performed on the files being restored into the agent's configuration.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 06:11 PM
Security Audit — agent-trust-hub — config-restore