cost-track
Fail
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill reads session logs from
~/.claude/projects/<encoded-cwd>/<session>.jsonl. These files contain the full interaction history between the user and the agent, which may include sensitive code, environmental variables, or secrets mentioned during the session. - [COMMAND_EXECUTION]: The skill instructs the agent to run a shell command:
node plugins/ruflo-cost-tracker/scripts/track.mjs. - [REMOTE_CODE_EXECUTION]: The execution of
track.mjsis unverifiable because the script's source code is not included in the skill definition. Running unvetted local scripts that have access to the file system and agent memory tools presents a high security risk. - [PROMPT_INJECTION]: The skill processes session logs (
jsonl) as untrusted input. This creates an indirect prompt injection surface where malicious instructions from a previous conversation could influence the agent's behavior during the tracking or reporting phases. - Ingestion points:
~/.claude/projects/<encoded-cwd>/<session>.jsonlviatrack.mjs. - Boundary markers: None specified in the instructions.
- Capability inventory: Access to
Bash(shell execution) andmcp__claude-flow__memory_store. - Sanitization: No evidence of sanitization or validation of the session log content before processing.
Recommendations
- AI detected serious security threats
Audit Metadata