whoami
Pass
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs extensive automation using
bashandpython3tools. It executes a local binary at${CLAUDE_PLUGIN_ROOT}/scripts/honneand multiple inline Python snippets for JSON parsing, path resolution, and logical checks. - [PROMPT_INJECTION]: The skill includes instructions that override standard agent behavior (e.g., "Do not summarize the skill") to ensure immediate execution. It also establishes an indirect prompt injection surface by ingesting local LLM transcripts and interpolating extracted "claims" directly into synthesis prompts for the LLM without explicit boundary markers or content sanitization.
- [DATA_EXFILTRATION]: The skill reads local conversation transcripts and stores analysis results in the
.honne/workspace directory. While no network exfiltration was detected, the skill provides the agent with access to potentially sensitive user interaction history stored in the local environment.
Audit Metadata