research
Warn
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill's reference documentation (references/context-discovery.md) includes a curl command example that transmits an API key ($KEY) to a dynamic external URL ($ETL_URL). This pattern demonstrates how sensitive credentials could be exfiltrated to non-whitelisted infrastructure.
- [DATA_EXFILTRATION]: The execution logic in SKILL.md performs recursive searches within ~/.claude/patterns/. This directory is sensitive as it contains internal configuration, learned patterns, and metadata specific to the AI agent's environment.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It systematically ingests data from untrusted sources, including the local codebase and external web content (via WebSearch, WebFetch, and MCP tools like Firecrawl or Exa). This retrieved data is then used to synthesize reports and drive the prompts for spawned sub-agents. The skill possesses high-privilege capabilities, including Bash, Write, and the ability to spawn agents (TeamCreate, spawn_agent, Task).
  - Ingestion points: Codebase files, Git logs/blame, and external web content.
  - Boundary markers: Absent; the agent is not instructed to disregard instructions embedded within the data it researches.
  - Capability inventory: Bash, Write, and multiple agent-spawning tools (spawn_agent, TeamCreate, Task).
  - Sanitization: Absent; findings are directly processed into research artifacts and subsequent agent instructions.
- [COMMAND_EXECUTION]: The skill utilizes several mechanisms for executing code and managing sub-processes, including codex exec via the Bash tool and the Task tool for background execution. It also generates and executes shell commands for git history analysis (git log, git blame).
- [EXTERNAL_DOWNLOADS]: The skill's reference file references/claude-code-latest-features.md fetches configuration and changelog data from the official Anthropic GitHub repository (https://raw.githubusercontent.com/anthropics/claude-code/main/CHANGELOG.md). This is a reference to a well-known service.
Audit Metadata