interview-writer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill's core workflow involves ingesting untrusted external content and subsequently modifying persistent local files, which could lead to profile poisoning.
  - Ingestion points: The skill accepts untrusted articles, web links, and event descriptions from users during the 'Phase 1: Analysis' stage.
  - Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are defined for the processing of external content.
  - Capability inventory: The skill possesses the capability to write to and update local files in the user's home directory, specifically within ~/.claude/content-profile/ (Phase 4).
  - Sanitization: There is no evidence of sanitization or filtering of external content before it is used to 'automatically update' the user's writing style, opinions, and domain knowledge files.
- [Data Exposure] (MEDIUM): The skill intentionally reads and aggregates sensitive personal information, including 'opinions', 'thinking-patterns', and 'domain-knowledge' from the ~/.claude/ directory. While this is part of the stated functionality, the concentration of such personal metadata represents a significant data exposure risk if the agent's output is subsequently shared or exfiltrated.
- [Persistence Mechanisms] (MEDIUM): The skill implements a persistence mechanism by creating and incrementally updating files in the user's home directory (~/.claude/content-profile/*.md). This allows changes to the agent's behavior to persist across different sessions.
Recommendations
- AI detected serious security threats
Audit Metadata