recallloom

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The dispatcher script (recallloom.py) and source analysis module (sources.py) utilize subprocess.run to execute internal helper scripts and local git commands. Additionally, native command templates use dynamic context injection to run the skill's dispatcher for project orientation.
  • [EXTERNAL_DOWNLOADS]: The skill fetches a version support advisory from the author's official GitHub repository (Frappucc1no/recall-loom) to provide update notifications. This is a standard diagnostic feature and targets a trusted domain and repo.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface as it ingests untrusted project files and possesses file-writing capabilities.
      • Ingestion points: query_continuity.py, preflight_context_check.py, and generate_coldstart_proposal.py read user-controlled markdown files from the workspace.
      • Boundary markers: Data sections are clearly delimited using specific machine-readable comments (e.g., <!-- recallloom:file=... -->).
      • Capability inventory: The skill can write to context files via commit_context_file.py and append_daily_log_entry.py, and execute shell commands via recallloom.py.
      • Sanitization: Ingested text is scanned by a built-in safety module (attached_text.py) designed to detect adversarial instructions and malicious unicode characters before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 7, 2026, 07:13 AM