transcript-promotion

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes several shell scripts (scripts/extract-anchor-range.sh, scripts/propagate-via-chezmoi.sh) to perform verbatim text extraction and repository synchronization. These scripts invoke system utilities such as jq, grep, awk, sed, git, and chezmoi to process transcript data and manage local/remote file state.
  • [EXTERNAL_DOWNLOADS]: The skill is configured to synchronize artifacts with a remote Git repository located at https://github.com/4444J99/domus-semper-palingenesis.git. This repository is a vendor-owned resource associated with the skill author and is used to provide the 'remote-backed' durability described in the skill's purpose.
  • [PROMPT_INJECTION]: The skill facilitates the promotion of content from transcripts to durable files, which presents an attack surface for indirect prompt injection.
  • Ingestion points: Content is extracted from JSONL transcripts stored in ~/.claude/projects/, as implemented in scripts/extract-anchor-range.sh.
  • Boundary markers: The scripts/propose-frontmatter.py script prepends a structured YAML frontmatter block to the promoted content, though it does not include explicit instructions for the agent to ignore potentially malicious content within the verbatim slice.
  • Capability inventory: The skill possesses capabilities for filesystem read/write and command execution via standard shell tools and version control systems as specified in the side_effects of SKILL.md.
  • Sanitization: The extraction process is intentionally verbatim to preserve an audit trail; the skill does not perform sanitization or filtering of the promoted text.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 12:03 PM
Security Audit — agent-trust-hub — transcript-promotion