knowledge-fetch
Fail
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill explicitly targets sensitive files in the user's home directory (
~/.claude/CLAUDE.md). Accessing user-level configuration files outside the current project workspace constitutes unauthorized data exposure. - [COMMAND_EXECUTION]: The skill performs broad recursive file system scanning (
{repo}/**/AGENTS.md) and probes for various configuration files across the user's system to detect and read their contents. - [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection. It ingests data from external, potentially attacker-controlled sources and injects it into the session context.
- Ingestion points:
~/.claude/CLAUDE.md,{repo}/AGENTS.md,{repo}/CLAUDE.md, and any markdown files found within.memory/or memory-related directories. - Boundary markers: Absent. The skill instructions do not specify any delimiters or warnings to ignore instructions embedded within the retrieved knowledge.
- Capability inventory: Extensive file-read capabilities across the project repository and the user's home directory.
- Sanitization: Absent. The skill does not perform any validation, filtering, or escaping of the content retrieved from the file system before presenting it to the agent.
Recommendations
- AI detected serious security threats
Audit Metadata