Skills
skills/growth4u-systems/claude-token-hygiene/token-hygiene/Gen Agent Trust Hub

token-hygiene

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Persistence mechanism established via macOS launchd agent (com.claude.schedule.token-hygiene.plist) to execute a local shell script monthly.
  • [COMMAND_EXECUTION]: The automated script token-hygiene.sh invokes the claude CLI with the --dangerously-skip-permissions flag, bypassing interactive security confirmations for tool usage.
  • [COMMAND_EXECUTION]: Grants the automated agent access to the Bash tool, enabling arbitrary command execution without user oversight during the scheduled audit.
  • [DATA_EXFILTRATION]: Contains optional logic to transmit audit data (file metrics and project structure) to an external email address using the gog CLI tool.
  • [PROMPT_INJECTION]: Exhibits an indirect prompt injection surface.
  • Ingestion points: The script token-hygiene.sh reads content from memory/token-hygiene-tracker.json and directory listings ($TOPIC_FILES) and interpolates them into the Claude prompt.
  • Boundary markers: No clear delimiters are used to separate untrusted file content from system instructions.
  • Capability inventory: The agent is granted Bash, Write, and Edit permissions.
  • Sanitization: Input from local files is not sanitized before being passed to the LLM.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 6, 2026, 10:29 AM