orlob-discovery-framework

Warn

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to write a JSON file to a hidden directory in the user's home folder (~/.claude/skill-analytics/).
  • [PRIVILEGE_ESCALATION]: The skill documentation explicitly describes an intent to bypass security controls, stating that writing outside the repository is "required so the PreToolUse observer hook allows the write." This represents an intentional evasion of platform-level security boundaries.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from sales call transcripts and has the capability to execute shell commands.
  • Ingestion points: The skill processes external data from sales calls and transcripts.
  • Boundary markers: No delimiters or "ignore instructions" warnings are used when processing external data.
  • Capability inventory: The skill has access to shell execution (bash).
  • Sanitization: There is no evidence of sanitization or validation of the ingested call data before it is used to guide agent behavior or analytics generation.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 4, 2026, 04:23 PM
Security Audit — agent-trust-hub — orlob-discovery-framework