recall
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected via local file ingestion.
- Ingestion points: The scripts/search.py script reads the full-text content of markdown files stored in the user's ~/.claude-done/ directory to perform keyword searches.
- Boundary markers: There are no explicit markers, delimiters, or system instructions provided to the agent to treat the retrieved content as data rather than instructions.
- Capability inventory: The skill is capable of directory traversal within the target folder, reading local files, and executing a Python-based search script.
- Sanitization: No sanitization, escaping, or filtering is performed on the content of the session summaries before they are presented to the agent.
Audit Metadata