recap
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes multiple shell commands through Bun's shell utility and direct script calls, including git status, git log, find, and ls. It also references an external Python script from a related skill.\n- [DATA_EXFILTRATION]: Performs local data exposure by reading session log files from the ~/.claude/projects/ directory to calculate session elapsed time. This activity is restricted to local metadata and does not involve network transmission.\n- [PROMPT_INJECTION]: Contains a surface for indirect prompt injection as it ingests and summarizes the contents of various markdown files in the workspace, such as handoff notes and retrospectives.\n
- Ingestion points: Reads content from files in ψ/inbox/handoff/, ψ/memory/retrospectives/, and conversation logs in ~/.claude/projects/.\n
- Boundary markers: None identified; file content is interpreted by the agent based on the summaries generated by the scripts.\n
- Capability inventory: Includes execution of shell commands, Bun scripts, and Python scripts as defined in SKILL.md and associated source files.\n
- Sanitization: None; the skill assumes the content of project-related markdown files is safe for the agent to process.
Audit Metadata