distill
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill is designed to manage and organize agent-specific configuration files locally within the user's environment.
- [PROMPT_INJECTION]: The skill uses an Indirect Prompt Injection surface by processing session history (untrusted data) to generate new executable artifacts. While this is the intended functionality for a workflow capture tool, it creates a potential channel for malicious instructions in the history to influence future generated artifacts.
- Ingestion points: Session history/interaction logs (referenced as 'Prima Materia' or 'SessionHistory').
- Boundary markers: Absent; the instructions do not explicitly provide delimiters to separate the historical data from the generation logic.
- Capability inventory: File-write operations to the
~/.claude/directory structure for creating new markdown-based commands and skills. - Sanitization: Not present; the skill relies on the AI's inherent reasoning to accurately map session patterns into the provided templates.
- [DATA_EXPOSURE]: The skill references paths for local configuration (e.g.,
~/.claude/commands/distill.md,~/.claude/agents/alembic/agent.md). These are the standard directories for managing the agent's own capabilities and do not expose sensitive system data or personal credentials. - [PROMPT_INJECTION]: The use of complex philosophical metaphors (Alchemy, Category Theory, Quantum Mechanics) is used strictly for instructional framing and goal-setting for the agent. It does not attempt to bypass safety filters or ignore prior system instructions.
Audit Metadata