changelog
Warn
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: MEDIUM [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill configures persistent PostToolUse hooks in .claude/settings.local.json that trigger the execution of local shell scripts (log-file-change.sh and log-bash-event.sh) automatically whenever Write, Edit, or Bash tools are used.
- [PROMPT_INJECTION]: The skill introduces an indirect prompt injection surface where subagents like code-reviewer and debugger consume the .director-mode/changelog.jsonl file. Attacker-controlled data captured in logs could influence subagent behavior.
  - Ingestion points: .director-mode/changelog.jsonl.
  - Boundary markers: None specified.
  - Capability inventory: The system utilizes scripts with shell and file access.
  - Sanitization: No mention of sanitizing tool outputs or file names before logging.
- [COMMAND_EXECUTION]: Instructions direct users to use chmod +x on scripts within the .claude/hooks/ directory, enabling the execution of local shell scripts.