distill

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks were identified. The skill is designed to manage and organize agent-specific configuration files locally within the user's environment.
  • [PROMPT_INJECTION]: The skill uses an Indirect Prompt Injection surface by processing session history (untrusted data) to generate new executable artifacts. While this is the intended functionality for a workflow capture tool, it creates a potential channel for malicious instructions in the history to influence future generated artifacts.
  • Ingestion points: Session history/interaction logs (referenced as 'Prima Materia' or 'SessionHistory').
  • Boundary markers: Absent; the instructions do not explicitly provide delimiters to separate the historical data from the generation logic.
  • Capability inventory: File-write operations to the ~/.claude/ directory structure for creating new markdown-based commands and skills.
  • Sanitization: Not present; the skill relies on the AI's inherent reasoning to accurately map session patterns into the provided templates.
  • [DATA_EXPOSURE]: The skill references paths for local configuration (e.g., ~/.claude/commands/distill.md, ~/.claude/agents/alembic/agent.md). These are the standard directories for managing the agent's own capabilities and do not expose sensitive system data or personal credentials.
  • [PROMPT_INJECTION]: The use of complex philosophical metaphors (Alchemy, Category Theory, Quantum Mechanics) is used strictly for instructional framing and goal-setting for the agent. It does not attempt to bypass safety filters or ignore prior system instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 11:29 AM
Security Audit — agent-trust-hub — distill