BitterPillEngineering
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to log usage metadata to
~/.claude/PAI/MEMORY/SKILLS/execution.jsonland to trigger local voice notifications viacurl. These are standard administrative actions within this agent environment. - [DATA_EXFILTRATION]: The skill performs a local network request to
http://localhost:31337/notifyusingcurl. This is intended for local inter-process communication (notifications) and does not involve transmitting data to external domains. - [PROMPT_INJECTION]: The skill processes the content of external instruction files (e.g.,
CLAUDE.md, files listed insettings.json), which introduces an indirect prompt injection surface. - Ingestion points:
settings.json, local file system paths, and user-provided instruction blocks. - Boundary markers: No specific delimiters or "ignore" instructions are used when reading files for analysis.
- Capability inventory: File system read access, file append access for logging, and shell command execution via
curlandecho. - Sanitization: No explicit sanitization of input file content is performed before processing.
Audit Metadata