skills/jazz1x/honne/whoami/Gen Agent Trust Hub

whoami

Pass

Audited by Gen Agent Trust Hub on May 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs extensive automation using bash and python3 tools. It executes a local binary at ${CLAUDE_PLUGIN_ROOT}/scripts/honne and multiple inline Python snippets for JSON parsing, path resolution, and logical checks.
  • [PROMPT_INJECTION]: The skill includes instructions that override standard agent behavior (e.g., "Do not summarize the skill") to ensure immediate execution. It also establishes an indirect prompt injection surface by ingesting local LLM transcripts and interpolating extracted "claims" directly into synthesis prompts for the LLM without explicit boundary markers or content sanitization.
  • [DATA_EXFILTRATION]: The skill reads local conversation transcripts and stores analysis results in the .honne/ workspace directory. While no network exfiltration was detected, the skill provides the agent with access to potentially sensitive user interaction history stored in the local environment.
Audit Metadata
Risk Level
SAFE
Analyzed
May 22, 2026, 03:48 AM
Security Audit — agent-trust-hub — whoami