session-log

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
Flagged categories: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructions explicitly direct the agent to monitor and read from the ~/.claude/ directory to log changes to global infrastructure, such as skills, hooks, and settings. This directory is sensitive as it contains the agent's internal state and configuration. Accessing these paths creates a risk of exposing the agent's internal environment details.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and summarizes external, potentially untrusted content.
      • Ingestion points: The agent reads existing context from .context/current-focus.md and historical logs in log/*.md (SKILL.md, Step 2).
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the skill.
      • Capability inventory: The skill utilizes Read, Write, Edit, mkdir, and ls (SKILL.md, frontmatter).
      • Sanitization: No sanitization or validation of the ingested content is specified before the agent processes and summarizes it.
  • [COMMAND_EXECUTION]: The skill uses the Bash(mkdir*) and Bash(ls*) tools to manage the directory structure for logs. While restricted to specific commands, this allows the agent to modify and traverse the local filesystem.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 3, 2026, 01:11 PM