developer-growth-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to access local Claude Code chat history, which contains sensitive project data and potential credentials, and transmit findings to an external Slack service.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes untrusted historical chat data that may contain malicious instructions from external sources viewed during past sessions.
- Ingestion points: Local Claude Code chat history files.
- Boundary markers: No delimiters or protective instructions are defined to separate chat data from the analysis logic.
- Capability inventory: Data exfiltration via Slack DM delivery.
- Sanitization: No sanitization or escaping mechanisms are documented.
- [NO_CODE]: The skill provides only a markdown description without any supporting scripts (Python, JS) or configuration files, preventing a full audit of how data is handled or how the Slack integration is authenticated.
Audit Metadata