bye
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute bash commands like
lsandsedto locate internal session files and log data within~/.claude/for history reconstruction. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8). It ingests untrusted historical conversation data from session JSONL files and logs without sanitization or explicit boundary markers. This data is then used in summaries and git commits. 1. Ingestion points:
~/.claude/projects/*.jsonland~/.claude/logs/. 2. Boundary markers: Absent. 3. Capability inventory: File creation,git commit, andgit push. 4. Sanitization: Absent.
Audit Metadata