claudeception
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The script 'scripts/claudeception-activator.sh' is designed for use as a system hook to inject instructions into every user prompt using high-pressure and imperative language (e.g., 'MANDATORY', 'CRITICAL', 'NON-NEGOTIABLE', 'MUST', 'NOT optional') to override the agent's default decision-making.
- [COMMAND_EXECUTION]: The installation guide in 'README.md' instructs users to configure a 'UserPromptSubmit' hook in the agent's 'settings.json' file to execute the 'claudeception-activator.sh' script automatically on every user interaction.
- [PROMPT_INJECTION]: The skill's primary function of extracting and writing new skills from session data creates a surface for indirect prompt injection.
  - Ingestion points: Conversation history is ingested in 'SKILL.md' through the retrospective mode.
  - Boundary markers: Absent; no isolation markers or instructions are used to separate session data from extraction logic.
  - Capability inventory: The skill has 'Write', 'Edit', and 'Skill' permissions, enabling it to create new executable markdown files in the agent's skill directory.
  - Sanitization: Lacks automated filtering or sanitization of content before writing it to a new 'SKILL.md' file, relying only on a manual checklist.