Skills
skills/jd-opensource/joysafeter/planning-with-files/Gen Agent Trust Hub

planning-with-files

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Data Exposure & Exfiltration (HIGH): The scripts/session-catchup.py script programmatically accesses the ~/.claude/projects directory to read .jsonl session log files. These files contain the full history of user and agent interactions, which constitutes sensitive personal and operational data.
  • Privilege Escalation (HIGH): The Stop hook in SKILL.md and the scripts/check-complete.sh logic (when falling back to PowerShell) use the -ExecutionPolicy Bypass flag. This is a known technique for circumventing system-level security policies that restrict the execution of unsigned or local scripts.
  • Indirect Prompt Injection (LOW): The session recovery feature creates an attack surface by re-injecting data from previous interactions into the current context without sanitization.
  • Ingestion points: session-catchup.py reading historical project logs.
  • Boundary markers: Absent; the output is prefixed with simple text headers that do not prevent the model from following instructions contained within the logs.
  • Capability inventory: The skill possesses extensive capabilities including Bash execution and file modification (Write, Edit).
  • Sanitization: None; the script performs raw extraction of text and tool usage history.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 18, 2026, 05:57 PM