System
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes various local shell commands (git, grep, jq, ls) and runs internal scripts via Bun. These operations are essential for auditing the system, managing documentation, and searching memory locations. All commands target local paths within the expected system directory (~/.claude/).
- [PROMPT_INJECTION] (LOW): The 'WorkContextRecall' and 'DocumentSession' workflows ingest untrusted data from session transcripts and git history, presenting an indirect prompt injection surface (Category 8).
  - Ingestion points: ~/.claude/projects/*.jsonl (session transcripts) and git log/diff outputs.
  - Boundary markers: No explicit delimiters are used in the command-line synthesis process.
  - Capability inventory: Includes shell execution (git, grep), file writing to memory directories, and Bun script execution.
  - Sanitization: No automated sanitization of ingested transcripts or logs is implemented.
- [DATA_EXFILTRATION] (SAFE): Network activity is restricted to a localhost endpoint (http://localhost:8888) for voice notifications. No data exfiltration to external domains was found.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill documentation recommends the installation of reputable tools (TruffleHog, BFG) via system package managers for security maintenance. No automated or untrusted downloads are performed by the skill itself.