transcript-promotion
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several shell scripts (
scripts/extract-anchor-range.sh,scripts/propagate-via-chezmoi.sh) to perform verbatim text extraction and repository synchronization. These scripts invoke system utilities such asjq,grep,awk,sed,git, andchezmoito process transcript data and manage local/remote file state. - [EXTERNAL_DOWNLOADS]: The skill is configured to synchronize artifacts with a remote Git repository located at
https://github.com/4444J99/domus-semper-palingenesis.git. This repository is a vendor-owned resource associated with the skill author and is used to provide the 'remote-backed' durability described in the skill's purpose. - [PROMPT_INJECTION]: The skill facilitates the promotion of content from transcripts to durable files, which presents an attack surface for indirect prompt injection.
- Ingestion points: Content is extracted from JSONL transcripts stored in
~/.claude/projects/, as implemented inscripts/extract-anchor-range.sh. - Boundary markers: The
scripts/propose-frontmatter.pyscript prepends a structured YAML frontmatter block to the promoted content, though it does not include explicit instructions for the agent to ignore potentially malicious content within the verbatim slice. - Capability inventory: The skill possesses capabilities for filesystem read/write and command execution via standard shell tools and version control systems as specified in the
side_effectsofSKILL.md. - Sanitization: The extraction process is intentionally verbatim to preserve an audit trail; the skill does not perform sanitization or filtering of the promoted text.
Audit Metadata