skills/ascorbic/macrodata/distill/Gen Agent Trust Hub

distill

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: Accesses sensitive conversation history logs located in ~/.claude/projects. These logs contain transcripts of previous interactions which may include private information, credentials, or code.
  • [COMMAND_EXECUTION]: Executes shell commands via find to navigate the file system and locate specific data files in the user's home directory.
  • [PROMPT_INJECTION]: Identified as a surface for indirect prompt injection (Category 8).
      1. Ingestion points: The skill reads external data from *.jsonl files in ~/.claude/projects which contain untrusted content from previous chat sessions.
      2. Boundary markers: Absent; the conversation content is passed to sub-agents via the Task tool without delimiters or instructions to ignore embedded commands.
      3. Capability inventory: The skill has the ability to read and write files, execute shell commands, and log to journals.
      4. Sanitization: Absent; the extracted facts and decisions are written directly to entity files and journals without validation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 30, 2026, 07:26 PM