extract-rules
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from potentially untrusted sources such as the local codebase, GitHub PR review comments, and Claude conversation history. \n
- Ingestion points: Reads codebase files (Step 3), fetches PR comments via GitHub API (Step P3), and parses session history from .jsonl files (Step C3). \n
- Capability inventory: The skill has 'Write' access to the local filesystem and uses various 'Bash' tools for analysis. \n
- Sanitization: It includes a dedicated 'Security Self-Check' (Step 6.5) that greps for potential secrets, high-entropy strings, and internal URLs in the generated rule files, redacting any findings before completion. \n- [DATA_EXPOSURE]: The skill accesses sensitive local configuration and history files, such as
~/.claude/settings.jsonand session logs in~/.claude/projects/. \n - This access is required for its core functionality of extracting rules from previous conversations and resolving project settings. \n
- The data is processed locally to generate documentation and is not exfiltrated to external domains. \n- [COMMAND_EXECUTION]: The skill uses
nodeto execute its own bundled JavaScript utility,extract_session_messages.mjs. \n - This script is a specialized parser for Claude session logs and does not perform network operations or execute arbitrary external code.
Audit Metadata