clear-context

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill provides explicit instructions to subagents to bypass user confirmation ('DO NOT pause for user confirmation') when 'auto_continue' or 'dangerous/unattended' modes are active. This facilitates the execution of tasks without standard safety oversight.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by reading task instructions from .claude/session-state.md. A continuation agent reading a maliciously crafted state file could be forced into 'dangerous' mode, executing injected tasks while skipping permissions.
  • Ingestion points: .claude/session-state.md
  • Boundary markers: Absent
  • Capability inventory: Subagent spawning (Task tool), shell logging (hooks)
  • Sanitization: Absent
  • [COMMAND_EXECUTION]: The PreToolUse hook in SKILL.md executes a shell command to log activity. This establishes a mechanism for direct command execution on the host system.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 4, 2026, 09:13 AM