developer-growth-analysis
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill reads the sensitive local file
~/.claude/history.jsonl. This file contains the complete history of the user's interactions with Claude Code, including project context, pasted source code, and potentially sensitive environment data or hardcoded credentials. This information is processed and then a summary is sent to Slack. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted user data from past chat history.
- Ingestion points: Reads raw user messages and pasted contents from
~/.claude/history.jsonlin the 'Access Chat History' step. - Boundary markers: Absent; the instructions do not specify any delimiters or safety markers to prevent the AI from obeying instructions embedded in the historical chat data.
- Capability inventory: The skill has network access via the Rube MCP tools to query HackerNews and send messages to Slack.
- Sanitization: Absent; there is no mention of filtering or sanitizing the chat history before it is analyzed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill interacts with external services, specifically HackerNews for research and Slack for report delivery. These interactions occur through the 'Rube MCP' toolset (
RUBE_SEARCH_TOOLS,RUBE_MULTI_EXECUTE_TOOL), which represents an external dependency for data transmission.
Audit Metadata