skills/dnyoussef/ai-chrome-extension/when-analyzing-user-intent-use-intent-analyzer/Gen Agent Trust Hub
when-analyzing-user-intent-use-intent-analyzer
Warn
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Step 1.1 in Phase 1 of the SKILL.md instructions captures the entire
process.envobject into a memory variable. System environment variables frequently contain high-value secrets such as API keys, authentication tokens, and database credentials, posing a high risk of sensitive data exposure. - [DATA_EXFILTRATION]: The skill performs broad environment reconnaissance, including capturing the full working directory path via
process.cwd()and conducting filesystem analysis and edit history tracking (analyzeFileSystem,getRecentEdits) without clear scoping or user-defined limits. - [COMMAND_EXECUTION]: The skill uses
npx claude-flow@alpha agent-spawnto dynamically create sub-agents (researcher, analyst, planner) whose tasks are generated directly from user-provided input. This architecture allows potentially malicious user instructions to influence the execution and logic of secondary agent processes. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes unvalidated user requests through an autonomous decomposition and planning chain.
- Ingestion points: Untrusted user input is captured in Phase 1 of SKILL.md and README.md.
- Boundary markers: There are no explicit delimiters or boundary markers used when the user request is passed to the researcher agent for decomposition.
- Capability inventory: The skill can spawn new agent processes, write files to the
/tmpdirectory, and store/retrieve data from a persistent memory system. - Sanitization: No sanitization, escaping, or validation of the user request is implemented before the content is used to define sub-agent tasks in Step 2.1.
Audit Metadata