bruhs
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXPOSURE]: The skill accesses the sensitive configuration file
~/.claude.jsonlocated in the user's home directory to detect configured MCP servers. - Evidence: Found in
commands/claim.mdandcommands/spawn.mdwhere the skill reads the file to find Linear MCP instances. - Context: This file often contains plain-text API tokens (such as
LINEAR_ACCESS_TOKEN) and environment variables for other MCP services. While used for integration, this represents access to high-value secrets. - [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from external platforms which could influence the agent's behavior.
- Ingestion points: Fetches PR comments via the GitHub CLI (
peep.md) and ticket descriptions from Linear (cook.md). - Boundary markers: The skill does not implement explicit delimiters or warnings to ignore instructions embedded in the external text.
- Capability inventory: The skill possesses extensive capabilities including file system modification, command execution via
pnpmandnpx, and PR management viagh. - Sanitization: External content from comments and tickets is interpolated directly into prompts for planning and code generation without sanitization.
- [COMMAND_EXECUTION]: The skill frequently executes system-level commands and development utilities.
- Evidence: Usage of
git,gh,pnpm,npx,lsof, andkillacross multiple command workflows. - Context: Commands are used for standard development tasks such as scaffolding projects (
pnpm create), managing branches, and running diagnostics (e.g.,npx -y react-doctor@latest).
Audit Metadata