PAI
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: Imperative instructions are used to override default agent behavior and mandate context loading. Evidence: 'MUST BE USED proactively for all user requests' and 'USE PROACTIVELY to ensure complete context availability'.
- [DATA_EXFILTRATION]: The skill directs the agent to interact with sensitive directories containing private data, which is a risk factor for exposure if handled incorrectly. Evidence: Instructions specifically reference '
/.claude/', '/.claude/settings.json', and '~/.claude/history/'. - [PROMPT_INJECTION]: Vulnerability surface for indirect prompt injection via untrusted data processing in the scratchpad environment. Ingestion points: User requests and files in '
/.claude/scratchpad/'. Boundary markers: Absent. Capability inventory: Git operations (git remote -v) and file read/write access to '/.claude/'. Sanitization: Absent; no instructions for validating or escaping content from scratchpad files. - [NO_CODE]: The skill consists entirely of markdown instructions without accompanying scripts or executables.
Audit Metadata