improve-skill
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses local AI agent session history files in directories including `~/.claude/projects/`, `~/.pi/agent/sessions/`, and `~/.codex/sessions/`. These files contain transcripts of previous interactions and tool outputs which may include sensitive data.
- [COMMAND_EXECUTION]: Provides and uses a local utility script `scripts/extract-session.js` to perform file system searches and parsing of local agent logs.
- [PROMPT_INJECTION]: The skill processes untrusted session transcript data, which presents an indirect prompt injection attack surface.
  - Ingestion points: Session transcripts are read from local files by the extraction script and interpolated into prompt templates.
  - Boundary markers: The templates in `SKILL.md` use `<session_transcript>` and `</session_transcript>` tags to delimit untrusted content.
  - Capability inventory: The skill generates analysis prompts for the user to manually use in separate sessions; it does not automatically execute instructions found within the processed transcripts.
  - Sanitization: Transcript content is extracted and formatted but does not undergo sanitization or escaping of potentially malicious embedded instructions.
Audit Metadata