toil-mining
Warn
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses highly sensitive local files, including ~/.zsh_history and ~/.claude/usage-data/. Shell history files frequently contain plain-text credentials, API keys, or sensitive environment variables accidentally typed into the terminal. Accessing these logs without sanitization creates a risk of exposing secrets stored in the host's command history.
- [COMMAND_EXECUTION]: The skill executes several local tools (history, rtk, cass) to collect usage data. It also provides detailed configuration for persistence using launchd and systemd user timers. These templates enable 'compounding mode,' allowing the skill to run automatically in the background on a schedule (e.g., weekly), which is a standard persistence mechanism.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data (past user commands and tool logs) to generate automation candidates.
  - Ingestion points: Accesses ~/.zsh_history, ~/.claude/usage-data/, and cass session archives.
  - Boundary markers: None found; the skill does not appear to use delimiters to separate user data from instructions.
  - Capability inventory: Executes subprocesses (history, rtk, cass) and writes files to the .agents/toil-mining/ directory.
  - Sanitization: No evidence of sanitization or filtering of historical prompt content before it is processed by the agent.
Audit Metadata