skill-logger
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process untrusted data from other skill executions, including raw user queries and skill outputs.
- Ingestion points: Data enters the system via the
user_queryandoutputfields processed inSKILL.md(e.g., inlog_skill_invocationandidentify_improvement_opportunities). - Boundary markers: No specific delimiters or instructions to treat ingested strings as data rather than instructions are present in the logic.
- Capability inventory: The skill is granted powerful capabilities including
Bash,Write,Edit, andReadaccess to the filesystem. - Sanitization: The provided implementation lacks sanitization or escaping of the ingested strings before they are stored or potentially re-processed by the agent.
- [DATA_EXFILTRATION]: The skill implements a logging mechanism that stores detailed interaction history, including full user prompts and assistant responses, in a local SQLite database located at
~/.claude/skill_logs.db. This creates a centralized repository of potentially sensitive information on the local filesystem.
Audit Metadata