developer-growth-analysis

Fail

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: CRITICAL
DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is instructed to read from ~/.claude/history.jsonl. This file contains highly sensitive information, including all user interactions, project context, and any content or code snippets pasted into the chat interface.
  • [DATA_EXFILTRATION]: Derived data and summaries from the sensitive chat history are transmitted to an external service (Slack) via the Rube MCP toolset. The combination of local sensitive file access and outbound network transmission constitutes a data exfiltration pattern.
  • [COMMAND_EXECUTION]: The skill utilizes several external MCP tools (RUBE_SEARCH_TOOLS, RUBE_MANAGE_CONNECTIONS, RUBE_MULTI_EXECUTE_TOOL) to perform network operations, including searching HackerNews and managing Slack connections for message delivery.
  • [DATA_EXFILTRATION]:
    • Ingestion point: The skill ingests untrusted data from ~/.claude/history.jsonl, which may contain third-party content or malicious strings from previous interactions.
    • Boundary markers: There are no instructions to use delimiters or ignore embedded commands within the ingested chat history.
    • Capability inventory: The skill possesses file read access, network search capabilities via HackerNews, and network write capabilities via Slack.
    • Sanitization: There is no evidence of sanitization or filtering of the ingested content before it is processed or sent to external services.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Jun 20, 2026, 03:10 PM