lovstudio-auto-context

Warn

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses and reads from ~/.claude/CLAUDE.md. This is a global configuration file that contains authoritative instructions and settings for the agent. Accessing such sensitive paths is a security concern as it involves reading files outside the immediate project scope.
  • [COMMAND_EXECUTION]: The skill performs persistent file system modifications, including writing memory files to ~/.claude/projects/<project-slug>/memory/ and editing CLAUDE.md files in the global and local directories. These operations allow the skill to modify the agent's behavior and instructions permanently.
  • [PROMPT_INJECTION]: The skill implements a workflow that is vulnerable to indirect prompt injection:
  • Ingestion points: The skill explicitly 'scans recent turns for unpersisted feedback/preferences' from the session transcript (SKILL.md).
  • Boundary markers: There are no specified boundary markers or delimiters to isolate untrusted session data from the instructions being written to storage.
  • Capability inventory: The skill has capabilities to write to global and project configuration files.
  • Sanitization: There is no evidence of sanitization or filtering of the captured session data. This creates a risk where malicious instructions provided by an external source during a chat could be 'memorized' and turned into persistent system-level rules by the agent without the user realizing the source of the instruction.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 2, 2026, 05:07 AM
Security Audit — agent-trust-hub — lovstudio-auto-context