dream
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive local files including Claude Code and Codex conversation logs (.jsonl files) located in ~/.claude/ and ~/.codex/. These files contain private user interactions and technical data which are extracted and sent to the Sibyl tool.
- [COMMAND_EXECUTION]: The instructions involve executing shell pipelines and Python scripts via python3 -c to parse and extract data from local logs. This involves processing local file content through shell utilities like find and grep.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It ingests untrusted data from historical conversation logs and processes it to extract rules and patterns. Ingestion points: Conversation logs in ~/.claude and ~/.codex. Boundary markers: Absent; logs are read without delimiters to separate data from instructions. Capability inventory: Shell execution and Sibyl CLI tool interaction. Sanitization: Absent; data is parsed and used to create new knowledge entries without verification.
Audit Metadata