ljg-blind
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands such as
rg,jq, andgrepto parse local JSONL logs. It incorporates user-provided date arguments directly into command strings, which presents a potential command injection surface if inputs are not properly validated by the execution environment. - [EXTERNAL_DOWNLOADS]: The skill communicates with the official WeChat Reading API (
i.weread.qq.com) usingcurlto search for relevant books and retrieve chapter details. - [DATA_EXFILTRATION]: It accesses sensitive local data, including conversation histories and the user's mission statement (
MISSION.md). While only derived keywords are sent to the external WeChat Reading service, the capability to read these files is central to the skill's function. - [PROMPT_INJECTION]: By processing historical conversation logs as input for its analysis, the skill creates an indirect prompt injection surface. 1. Ingestion:
~/.claude/projects/*.jsonl; 2. Boundaries: Absent; 3. Capability inventory: Shell execution, network requests viacurl, and file writing; 4. Sanitization: Performs basic filtering of tool-use and system-related metadata from the logs.
Audit Metadata