BitterPillEngineering

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to log usage metadata to ~/.claude/PAI/MEMORY/SKILLS/execution.jsonl and to trigger local voice notifications via curl. These are standard administrative actions within this agent environment.
  • [DATA_EXFILTRATION]: The skill performs a local network request to http://localhost:31337/notify using curl. This is intended for local inter-process communication (notifications) and does not involve transmitting data to external domains.
  • [PROMPT_INJECTION]: The skill processes the content of external instruction files (e.g., CLAUDE.md, files listed in settings.json), which introduces an indirect prompt injection surface.
  • Ingestion points: settings.json, local file system paths, and user-provided instruction blocks.
  • Boundary markers: No specific delimiters or "ignore" instructions are used when reading files for analysis.
  • Capability inventory: File system read access, file append access for logging, and shell command execution via curl and echo.
  • Sanitization: No explicit sanitization of input file content is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 03:33 PM
Security Audit — agent-trust-hub — BitterPillEngineering