Skills
skills/athola/claude-night-market/friction-detector/Gen Agent Trust Hub

friction-detector

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted session data to influence the creation of permanent agent rules.
  • Ingestion points: The skill ingests session transcripts and performance data as documented in the 'Integration' section of SKILL.md.
  • Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the processed session data.
  • Capability inventory: The skill has the capability to write to the local file system (creating logs in ~/.claude/friction/ and appending to LEARNINGS.md) and executes shell commands (rg, grep) as seen in Step 2 and Step 5 of the Detection Workflow.
  • Sanitization: There is no evidence of sanitization or validation of the content extracted from session logs before it is used to propose new rules.
  • [COMMAND_EXECUTION]: The skill uses local shell commands for its core functionality.
  • Evidence: Step 2 of the workflow uses rg (ripgrep) and grep to scan session logs for friction signals. While these are used locally and for the skill's primary purpose, they represent a surface area for command injection if variables like $SIGNAL_TYPE are not properly handled.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 07:37 AM