claude-code-audit

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses sensitive local files in the user's home directory, including Claude Code session logs (~/.claude/projects/), global settings (~/.claude/settings.json), and installed skills. This access is essential for the skill's functionality but involves private interaction history and potentially sensitive configuration data.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests large amounts of untrusted historical data.
      • Ingestion points: Historical session transcripts are read from ~/.claude/projects/ by scripts/extract.py.
      • Boundary markers: No boundary markers or 'ignore' instructions are used when passing rendered content to subagents in references/subagent_brief.md.
      • Capability inventory: The skill can execute shell commands via Python scripts and has extensive file system read/write access as seen in SKILL.md.
      • Sanitization: scripts/render.py clips long text but does not sanitize or filter the content for potential malicious instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 10, 2026, 03:34 AM