developer-growth-analysis
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGH
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: Accesses the sensitive file ~/.claude/history.jsonl. This file contains the complete local history of the user's interactions with the AI, which includes full source code, project-specific architectural details, and potentially sensitive credentials or private keys accidentally pasted by the user during previous sessions.
- [DATA_EXFILTRATION]: The skill is designed to transmit a summarized report of this sensitive data to Slack via an external tool. This creates a data exfiltration channel that could be exploited to leak private information if the agent is manipulated or if the Slack destination is misconfigured.
- [PROMPT_INJECTION]: The skill is highly vulnerable to Indirect Prompt Injection. It ingests the display and pastedContents fields from the history file and processes them for analysis. If a user previously pasted malicious instructions or researched content containing embedded prompts, the agent could be coerced into unauthorized actions during the analysis and reporting phase.
- [PROMPT_INJECTION]: Ingestion point: ~/.claude/history.jsonl. Boundary markers: None present. Capability inventory: File read access and network communication (Slack, HackerNews) via Rube MCP. Sanitization: None detected in the instructions.
- [EXTERNAL_DOWNLOADS]: Relies on a non-standard dependency called 'Rube MCP' for searching HackerNews and managing Slack connections. This tool's origin and security posture are unverified, introducing a third-party risk into the agent's operating environment.
Recommendations
- AI detected serious security threats
Audit Metadata