extract
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands (`grep`, `sed`, `pwd`) to programmatically determine paths and search for keywords within the project's local environment.
- [DATA_EXFILTRATION]: Accesses internal application memory files located at `$HOME/.claude/projects/*/memory`. These files can contain sensitive information, including proprietary logic, project structures, or accidentally captured credentials from previous development sessions.
- [PROMPT_INJECTION]: Vulnerable to Indirect Prompt Injection (Category 8) due to the processing of untrusted data from memory files.
  - Ingestion points: Reads project-specific memory files (`SKILL.md` Step 1) and user-provided descriptions.
  - Boundary markers: None identified. The skill does not use delimiters or instructions to ignore potential commands embedded in the source material.
  - Capability inventory: The skill has read access to the local file system (via `grep`) and write access to create new skill directories and files.
  - Sanitization: Lacks sanitization or validation of the content retrieved from memory before it is formatted into a new, executable SKILL.md file.
Audit Metadata