skills/haoxuanlithuai/awesome_cognitive_and_neuroscience_skills/Share Skill Usage Statistics/Gen Agent Trust Hub
Share Skill Usage Statistics
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses highly sensitive local files including ~/.claude/history.jsonl and ~/.claude/debug/*.txt which contain full conversation history. Although it filters for specific skill names, the act of reading and transmitting data derived from raw history logs to a remote repository constitutes a data exposure risk.
- [COMMAND_EXECUTION]: The skill executes an inline Python script to process log files and uses the GitHub CLI (gh) to perform network operations and create discussions on a remote repository.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from local logs and user comments which are then interpolated into a Markdown report and a GraphQL command. Ingestion points: ~/.claude/history.jsonl and ~/.claude/debug/*.txt. Boundary markers: Privacy confirmation step included, but no markers used during log parsing. Capability inventory: Python script execution, GitHub CLI commands, local file writing, and network access. Sanitization: None; relies on basic regex and string interpolation.
Audit Metadata