persona
Pass
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
bashto run a local script${CLAUDE_PLUGIN_ROOT}/scripts/honnefor persona checking and rendering tasks. These operations are scoped to the project's local directory and are standard for the skill's stated purpose. - [COMMAND_EXECUTION]: An inline
python3script is used to calculate the staleness of the persona data. This is a benign operation using standard libraries (json, datetime). - [DATA_EXPOSURE]: The skill reads and writes data within the
.honne/directory of the local project. Access is limited to project-relative paths, and no network exfiltration or access to sensitive system files is observed. - [PROMPT_INJECTION]: The skill processes data from
.honne/persona.jsonto generate AI prompts. While this represents a potential surface for indirect prompt injection if the JSON contains untrusted content, the skill uses structured system prompt templates to manage the interpolation of this data safely.
Audit Metadata