distill

Warn

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill attempts to harvest sensitive tokens, specifically GH_TOKEN_FELLOWSHIP and QUEST_TOKEN, by reading a .env file at a hardcoded external path: /home/ubuntu/projects/fellowship-dev/claude-buddy/.env.
  • [DATA_EXFILTRATION]: Accesses internal agent session logs stored in ~/.claude/projects/, which contain full transcripts of previous interactions and potentially sensitive system or user data.
  • [COMMAND_EXECUTION]: Dynamically generates multiple Python scripts (such as distill_parse.py, distill_classify.py, and distill_aggregate.py) and executes them via the command line at runtime to process mission data.
  • [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection: it ingests and processes untrusted data from mission reports and session logs, which could influence the failure classification logic.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 30, 2026, 09:56 PM