checkpoint
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The checkpoint template explicitly instructs the agent to document 'API keys loaded' and 'services running' into markdown files stored in the .claude/checkpoints/ directory. This practice encourages the persistence of sensitive credentials in plaintext on the local filesystem, increasing the risk of credential exposure.
- [PROMPT_INJECTION]: The skill contains a vulnerability to indirect prompt injection through its state-management mechanism. Malicious instructions embedded in untrusted data processed during a session could be summarized and saved into a checkpoint file, which is then re-ingested in subsequent sessions.
  - Ingestion points: The agent's current conversation context and any files read during the session.
  - Boundary markers: The checkpoint template lacks explicit boundary markers or delimiters to isolate user-provided content from the agent's summary and instructions.
  - Capability inventory: The skill utilizes file-writing capabilities to create and modify .claude/checkpoints/*.md and CLAUDE.md files.
  - Sanitization: There is no evidence of sanitization, filtering, or escaping of external content before it is interpolated into the checkpoint files.