ContextSearch
Warn
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directly interpolates the
$ARGUMENTSvariable into shell commands forfdandgit logoperations in Phase 1C, 2A, and 2B. This lack of sanitization allows for potential arbitrary command execution if a malicious search query or indirect injection is processed. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points:
~/.claude/PAI/MEMORY/STATE/work.jsonand~/.claude/PAI/MEMORY/WORK/**/ISA.md(first 10 lines). Boundary markers: Absent. Capability inventory: Includes shell execution (fd,git,grep,echo) and file read access. Sanitization: Absent. Maliciously crafted session names or project file summaries could attempt to influence the agent's subsequent behavior when this context is loaded.
Audit Metadata