dry-principle
Warn
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The SKILL.md file contains a 'Memory Protocol' section that explicitly instructs the agent to execute the shell command `cat .claude/context/memory/learnings.md` at the start of every interaction. This pattern bypasses the standard tool path (the `Read` tool) for information retrieval, so the read is not subject to the tool's permission checks or visible as a tool call.
- [DATA_EXFILTRATION]: The skill accesses an internal platform directory, `.claude/context/memory/`, which may contain sensitive context, history, or metadata from previous agent interactions. Reading these internal state files can expose data across sessions or projects.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because of its broad file access and processing logic.
  - Ingestion points: The agent is configured to use the `Read` tool on all files matching the `**/*.*` glob pattern, so every file in the project tree is pulled into context.
  - Boundary markers: Absent. There are no instructions or delimiters that help the agent distinguish its own operational guidelines from instructions maliciously embedded in the source code it is reviewing.
  - Capability inventory: The skill has extensive capabilities, including the `Read`, `Write`, and `Edit` tools, and it is instructed to use shell commands (`cat`).
  - Sanitization: None. The skill performs no validation, escaping, or filtering of the file content it reads from the project before processing it as context.
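The three findings above can be checked mechanically before a skill is installed. The following linter is an added example, not part of this audit or of the dry-principle skill: it scans a SKILL.md-style text for shell read commands that target internal agent state, for recursive ingestion globs, and for the presence of any data/instruction boundary language. The sample skill text is constructed to reproduce only the elements the audit describes; the set of internal-state directory prefixes, the shell verbs treated as reads, and the phrases accepted as boundary markers are assumptions of this example, as is the mapping of hits onto the audit's category names.

```python
"""Lint an agent skill definition for the risk patterns flagged in the audit.

Added example; not the Gen Agent Trust Hub's scanner. The sample below is a
constructed stand-in for the real dry-principle SKILL.md.
"""
from __future__ import annotations

import re

# Constructed sample: Memory Protocol cat command, Read on **/*.*, Edit/Write.
SAMPLE_SKILL = """\
# dry-principle

## Memory Protocol
At the start of every interaction run:
    cat .claude/context/memory/learnings.md

## Review
Use the Read tool on all files matching `**/*.*`.
Apply fixes with the Edit or Write tool.
"""

# Assumptions of this example, not a standard list of any platform.
INTERNAL_STATE_PREFIXES = (".claude/", ".cursor/", ".codex/")
_SHELL_READ = re.compile(r"\b(cat|head|tail|less|more)\s+([^\s`'\"|;&]+)")
_BROAD_GLOB = re.compile(r"\*\*/\*(?:\.\*)?")
_BOUNDARY_PHRASES = ("untrusted", "treat as data", "do not follow instructions")


def find_state_reads(text: str) -> list[tuple[str, str]]:
    """Shell read commands whose target lives under an internal state directory."""
    hits = []
    for cmd, path in _SHELL_READ.findall(text):
        norm = path[2:] if path.startswith("./") else path
        if norm.startswith(INTERNAL_STATE_PREFIXES):
            hits.append((cmd, norm))
    return hits


def find_broad_globs(text: str) -> list[str]:
    """Recursive globs that pull every file in the tree into model context."""
    return _BROAD_GLOB.findall(text)


def has_boundary_markers(text: str) -> bool:
    """True if the skill tells the agent to separate file data from instructions."""
    low = text.lower()
    return any(phrase in low for phrase in _BOUNDARY_PHRASES)


def lint_skill(text: str) -> list[tuple[str, str]]:
    """Return (category, detail) findings using the audit's category names."""
    findings = []
    for cmd, path in find_state_reads(text):
        findings.append(("COMMAND_EXECUTION",
                         f"shell '{cmd} {path}' bypasses the Read tool"))
        findings.append(("DATA_EXFILTRATION",
                         f"reads internal state under {path.split('/')[0]}/"))
    globs = find_broad_globs(text)
    if globs and not has_boundary_markers(text):
        findings.append(("PROMPT_INJECTION",
                         f"ingests {', '.join(globs)} with no data/instruction boundary"))
    return findings


if __name__ == "__main__":
    for category, detail in lint_skill(SAMPLE_SKILL):
        print(f"[{category}] {detail}")
```

Running the linter on the constructed sample reports one finding per audit category; rewriting the memory step to use the `Read` tool and adding a sentence that tells the agent to treat file contents as untrusted data clears all three, which is the minimal hardening the audit's findings imply.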
Audit Metadata