Skills
skills/grandamenium/dream-skill/dream/Gen Agent Trust Hub

dream

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill modifies critical agent configuration files including ~/.claude/settings.json to install a persistent 'Stop' hook. This hook automatically executes dream-hook.sh whenever a session ends.
  • [COMMAND_EXECUTION]: The dream-hook.sh script spawns a background agent process using nohup claude -p .... This background process is granted extensive capabilities (Read, Write, Edit, Bash, Glob, Grep) to perform memory consolidation autonomously.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its core functionality of ingesting untrusted data from session transcripts.
  • Ingestion points: The agent is instructed to scan ~/.claude/projects/*/sessions/*.jsonl files for user corrections and decisions (Phase 2).
  • Boundary markers: There are no instructions to use boundary markers or delimiters when processing these transcripts to prevent embedded instructions from being obeyed.
  • Capability inventory: The skill utilizes Read, Write, Edit, Bash, Glob, and Grep tools across multiple phases to update persistent memory files.
  • Sanitization: No sanitization or validation is performed on the content extracted from transcripts before it is used to modify the agent's long-term memory (MEMORY.md and topic files).
  • [COMMAND_EXECUTION]: The install.sh script and onboarding instructions in SKILL.md use Python and shell commands to modify local configuration files and create flag files (.dream-pending) in the user's home directory.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 27, 2026, 07:55 PM