agent-guardrails-update
Warn
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically generates a Python script at /tmp/agent-guardrails-update.py and executes it to process session logs.
- [COMMAND_EXECUTION]: The skill modifies the .claude/hooks/stop-guardrails.sh shell script hook. Modifying such scripts allows for the persistent alteration of the agent's behavior and execution environment.
- [DATA_EXFILTRATION]: The skill accesses session logs located in ~/.claude/projects/. These files contain historical interaction data and may include sensitive user information or code.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted session log data.
  - Ingestion points: Historical session logs in JSONL format from ~/.claude/projects/.
  - Boundary markers: The analysis process lacks explicit delimiters or instructions to ignore embedded commands within the log data.
  - Capability inventory: The skill can execute shell commands, write files, and edit local scripts.
  - Sanitization: No evidence of sanitization or validation of the log content is provided before processing.
Audit Metadata