rg_history
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous bash command templates using
rgto search and filter local files. These commands include piping and output limiting to manage large data volumes. It also references a local script 'scripts/list-sessions.sh' for discovering session paths. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data.
- Ingestion points: Data is read from
~/.claude/projects/*.jsonlfiles (session history). - Boundary markers: The skill lacks instructions for using delimiters or boundary markers to isolate search results from the current prompt instructions.
- Capability inventory: The skill encourages the use of
bashandrgto process this data, and the agent has inherent capabilities to write files or execute commands based on search findings. - Sanitization: There is no evidence of sanitization or validation of the content retrieved from the history files before it is presented to the agent.
Audit Metadata