developer-growth-analysis
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses the sensitive local file
~/.claude/history.jsonl, which stores comprehensive logs of user interactions, including source code, project metadata, and developer notes. This data is processed and transmitted to an external Slack workspace. While intended for the user, this behavior establishes a pathway for sensitive local development context to be sent to a third-party service. - [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it ingests untrusted content from the
pastedContentsfield in the chat history. There are no instructions for sanitization or the use of boundary markers. Malicious instructions embedded in code or text previously pasted into the chat could be interpreted and executed by the agent during the analysis process. Evidence Chain: Ingestion point is~/.claude/history.jsonl; Boundary markers are absent; Capabilities include network transmission (Slack API) and local file access; Sanitization of history content is absent.
Audit Metadata