System
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The WorkContextRecall and DocumentSession workflows analyze session transcripts and project files, creating an indirect prompt injection surface.
- Ingestion points: Session logs located in
~/.claude/projects/and project artifacts inMEMORY/(Workflows/DocumentRecent.md, Workflows/WorkContextRecall.md). - Boundary markers: Absent; the skill does not use specific delimiters or instructions to prevent the agent from obeying commands embedded in the ingested text.
- Capability inventory: The skill can execute shell commands (
git,grep,find), write new files to the system viaCreateUpdate.ts, and perform network notifications (Workflows/IntegrityCheck.md). - Sanitization: Absent; ingested content is processed directly for AI synthesis without escaping or validation.
- [COMMAND_EXECUTION]: The skill performs numerous shell-based operations for system health monitoring and repository management, utilizing tools like
git,grep,find, and thebunruntime. - [SAFE]: The network requests observed are
curlcommands directed tolocalhost:8888for status notifications. Sincelocalhostis a whitelisted domain, this does not constitute a data exfiltration risk.
Audit Metadata