claudeception
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a persistence mechanism via a UserPromptSubmit hook that injects instructions into every session context.
  - Evidence: The activator script (scripts/claudeception-activator.sh) uses high-pressure language ('CRITICAL', 'NON-NEGOTIABLE', 'MANDATORY') to override agent behavior.
  - Evidence: The skill creates a surface for indirect prompt injection by autonomously generating new executable SKILL.md files from session history without explicit sanitization for embedded instructions.
- [COMMAND_EXECUTION]: The installation and operation of the skill involve local script execution and configuration changes.
  - Evidence: Users are instructed to execute shell commands (mkdir, cp, chmod +x) and modify the global ~/.claude/settings.json file.
  - Evidence: The activator hook script is a local bash script executed on the host machine during every prompt lifecycle.
- [EXTERNAL_DOWNLOADS]: The skill relies on external, unverified sources for installation and functionality.
  - Evidence: The README instructs users to clone the repository from 'github.com/blader/Claudeception.git'.
  - Evidence: The documentation suggests the global installation of the 'madge' package via npm.
- [DATA_EXFILTRATION]: The skill is designed to send internal project context to external web services for discovery.
  - Evidence: The 'Research Best Practices' protocol (SKILL.md) instructs the agent to perform web searches using specific error messages and technology stacks derived from the local codebase.
Audit Metadata