PAI
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): The skill identifies and commands the agent to use ~/.claude/, which it explicitly labels as containing 'EXTREMELY SENSITIVE PRIVATE DATA'. It also aggregates PII including personal emails and social media profiles.
- [Indirect Prompt Injection] (HIGH): The skill possesses high-privilege capabilities including Git repository management and cloud infrastructure modification (AWS/Cloudflare) while processing untrusted user data. 1. Ingestion points: Processes user requests and reads SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: git operations, filesystem access to sensitive paths, cloud resource modification. 4. Sanitization: Absent.
- [Prompt Injection] (MEDIUM): The skill uses imperative, overbearing instructions such as 'MUST BE USED proactively for all user requests' and 'CORE IDENTITY (Always Active)' to override standard agent behavior.
- [Command Execution] (MEDIUM): The skill explicitly directs the agent to execute shell commands (git, date) and manage production-supporting cloud infrastructure.
Recommendations
- AI detected serious security threats
Audit Metadata