developer-growth-analysis
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses the sensitive local file
~/.claude/history.jsonl. This file contains the complete record of user interactions with Claude Code, including thepastedContentsfield which often stores sensitive information such as proprietary source code, hardcoded API keys, and environment configurations. - [DATA_EXFILTRATION]: Information derived from the sensitive chat history is transmitted to an external service (Slack) via the
RUBE_MULTI_EXECUTE_TOOL. While the intended output is a growth report, there is a risk that sensitive details from the history could be inadvertently included in the transmitted data. - [EXTERNAL_DOWNLOADS]: The skill utilizes external tools to query HackerNews and interact with the Slack API. While these are well-known services, the process involves transmitting data about the user's technical interests and work patterns to external platforms.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from the
displayandpastedContentsfields of the local chat history. Adversarial content within those fields could attempt to manipulate the analysis logic or the content of the generated report. - Ingestion points: The skill reads and parses
~/.claude/history.jsonlin Instruction 1. - Boundary markers: Absent. There are no instructions to use delimiters or ignore embedded instructions when the agent processes the history file.
- Capability inventory: The skill possesses the capability to perform network searches and send messages to Slack via the Rube MCP server.
- Sanitization: No sanitization or filtering of the chat history content is specified before the data is analyzed for pattern recognition.
Audit Metadata