Skills
skills/heyflouai/ikf-central-dashboard/planning-with-files/Gen Agent Trust Hub

planning-with-files

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • Data Exposure & Exfiltration (HIGH): The script 'scripts/session-catchup.py' reads Claude's internal session logs located at '~/.claude/projects/*.jsonl'. These logs contain the full history of previous conversations, which may include credentials, private data, or sensitive code handled in unrelated tasks. Exposing this data to the current context increases the risk of data leakage.
  • Command Execution (MEDIUM): The 'Stop' hook in 'SKILL.md' automatically executes PowerShell scripts using '-ExecutionPolicy Bypass'. While used for task verification, this represents a bypass of local security policies to run unverified scripts.
  • Indirect Prompt Injection (LOW): The catchup mechanism creates a cross-session injection surface. 1. Ingestion points: session logs via 'scripts/session-catchup.py'. 2. Boundary markers: Present as text headers but easily bypassed by embedded instructions. 3. Capability inventory: 'Bash', 'Write', 'Edit', 'Read', 'Glob', 'Grep', 'WebFetch', 'WebSearch'. 4. Sanitization: None. Instructions from a previously compromised session (e.g., from a malicious website) could persist into the current session through this mechanism.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 19, 2026, 02:18 AM