skills/boshu2/agentops/curate/Gen Agent Trust Hub

curate

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of mining session transcripts. Transcripts contain untrusted data from user interactions and potentially external content retrieved during the session. If this content contains malicious instructions designed to subvert the mining process, it could lead to the ingestion of manipulated knowledge or the proposal of flawed skill modifications.
  • Ingestion points: The skill reads session transcripts from ~/.claude/projects/<project>/<session>/*.jsonl, the .agents/ corpus, and cross-rig learnings.
  • Boundary markers: The skill instructions do not define specific delimiters or 'ignore' instructions to separate raw transcript content from the analysis logic.
  • Capability inventory: The skill has the capability to write to the knowledge corpus (.agents/research/, wiki/), create bd notes, and propose code changes via .agents/skill-diffs/.
  • Sanitization: There is no mention of sanitization, escaping, or validation logic for the external content processed from transcripts.
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 01:22 AM