auto-retrospective
Warn
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs file modifications on
~/.claude/hooks/auto-scale.shusingsed -i. This script is an active platform hook (UserPromptSubmit) that executes automatically. Modifying executable files that are part of the agent's control flow is a sensitive operation. - [COMMAND_EXECUTION]: The update mechanism for intervals (
rrr:<N>k) incorporates user input into asedcommand string. If the input is not strictly validated for numeric characters, it could allow for command injection or arbitrary modification of the hook script. - [PROMPT_INJECTION]: The skill is designed to automatically inject instructions into the conversation context based on token usage thresholds. This constitutes an automated mechanism where the tool influences agent behavior via injected prompts without direct user command at the moment of injection.
- [DATA_EXFILTRATION]: The skill reads session-specific metadata from
/tmp/statusline-raw.json. While currently used for status display, accessing internal platform state files can be a precursor to data exposure if the data is subsequently sent to the model or an external service.
Audit Metadata