honcho-interview

Warn

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructs the agent to read highly sensitive shell configuration files including ~/.zshrc and ~/.bashrc. These files are standard locations for storing authentication tokens, API keys, and other sensitive environment variables. Data extracted from these files is subsequently transmitted to an external service (Honcho) via the create_conclusion tool.
  • [COMMAND_EXECUTION]: The agent is directed to perform broad file system reconnaissance by scanning various configuration files in the user's home directory (~/.claude/CLAUDE.md, shell profiles) and project directories (package.json, tsconfig.json, pyproject.toml).
  • [DATA_EXFILTRATION]: Surface for Indirect Prompt Injection. The skill ingests untrusted data from multiple local files without explicit sanitization or boundary markers. Malicious content within these files could influence the agent's reasoning or the conclusions it persists to the external Honcho memory service. Evidence chain:
  • Ingestion points: ~/.zshrc, ~/.bashrc, package.json, pyproject.toml, .prettierrc (SKILL.md)
  • Boundary markers: None implemented for file ingestion
  • Capability inventory: chat tool (context reading), create_conclusion tool (external data persistence)
  • Sanitization: No validation or filtering of file content mentioned
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 26, 2026, 03:25 PM
Security Audit — agent-trust-hub — honcho-interview