dossier-collect
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to perform automated investigations, including searching the codebase and environment. Shell access combined with recursive logic increases the risk of unintended command execution.
- [EXTERNAL_DOWNLOADS]: The instructions mandate the use of `WebSearch` and `WebFetch` to download and process content from external sources, such as public GitHub profiles and web pages, which are outside the agent's control.
- [DATA_EXFILTRATION]: The skill's primary function is to aggregate information from local sources (codebase, memory stores, ADR indexes) and use it to drive outbound web searches and fetches. This creates a technical path where sensitive local data could be exposed to external services.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it recursively ingests untrusted data from the internet and local files to drive its next steps.
  - Ingestion points: `WebFetch`, `WebSearch`, `Read`, and `mcp__claude-flow__memory_search_unified` are used to pull external and internal data into the prompt context.
  - Boundary markers: The skill does not define delimiters or protective instructions to prevent the agent from following commands embedded in the fetched content.
  - Capability inventory: The inclusion of `Bash`, `Write`, and `mcp__claude-flow__memory_store` tools provides a high-impact surface for an attacker to exploit via injected instructions.
  - Sanitization: Extraction is performed via simple regex/heuristics, which does not provide safety-level sanitization against malicious instructions.
Audit Metadata