worktrace
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted data from Claude Code history files to generate summaries, creating a path for malicious instructions to influence the agent. * Ingestion points: Interaction history and session logs are read from
~/.claude/history.jsonland session files in~/.claude/projects/viascripts/worktrace.py. * Boundary markers: Absent. No delimiters or safety instructions are used to separate user data from system instructions during the summarization phase. * Capability inventory: The skill has file-write capabilities (viascripts/worktrace.py) and allows the agent to process and transform interaction data. * Sanitization: Absent. The skill does not perform sanitization or filtering of the interaction history to neutralize potential prompt injection payloads before processing.
Audit Metadata