reclaim
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute local scripts and utility commands. It sources library files located in the user's home directory, specifically within~/.claude/plugins/marketplaces/cc-skills/plugins/autoloop/scripts/. These scripts handle registry resolution, ownership logic, and state management. - [PROMPT_INJECTION]: The 'Self-Evolving Skill' section contains instructions that encourage the AI agent to 'fix this file immediately' if it detects issues or needs workarounds. This creates a surface for persistent prompt injection, where malicious input processed by the agent could potentially influence it to rewrite its own instructions with harmful logic.
- [DATA_EXPOSURE]: The skill reads from
~/.claude/loops/registry.jsonto extract process information such as owner PIDs, session IDs, and contract paths. This data is used to inform the user about the state of the loops before reclamation.
Audit Metadata