exp-search
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it reads and displays content from files that could contain instructions written by other users or automated processes.
  - Ingestion points: File paths including `spec/context/experience/*.md`, `spec/context/knowledge/*.md`, `.claude/skills/*/SKILL.md`, and `~/.claude/projects/*/memory/*.md`.
  - Boundary markers: Absent; there are no instructions to the agent to disregard commands found within the retrieved text.
  - Capability inventory: The skill utilizes `Read`, `Glob`, and `Grep` tools to retrieve file content.
  - Sanitization: Absent; the skill performs no validation or filtering of the data it reads.
- [DATA_EXPOSURE]: The skill accesses sensitive-looking locations such as `~/.claude/projects/*/memory/*.md`. The use of the wildcard `*` in the path suggests it may attempt to read memory files from multiple projects, which could lead to cross-project information exposure if not properly restricted by the agent environment.