profilera
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive local files including Claude Code session history (~/.claude/history.jsonl) and project configuration files (e.g., package.json, go.mod) for pattern mining. This access is necessary for the primary function of persona reconstruction, and no network-based exfiltration was detected in the code.
- [SAFE]: The extraction script scripts/extract_all.py implements a redaction mechanism using keyword-based filtering to identify and mask potential credentials, tokens, and secrets within configuration files.
- [COMMAND_EXECUTION]: The workflow relies on local Python scripts for data processing. These scripts are self-contained, do not require external dependencies, and lack any remote code execution or dynamic execution (eval/exec) patterns.
- [PROMPT_INJECTION]: As the skill ingests untrusted data from history logs and project files, it presents a surface for indirect prompt injection. Ingestion points include conversation JSONLs and memory markdown files. While explicit boundary markers for extracted rules are minimal, the risk is mitigated by the tool's limited capabilities and lack of network sinks. Sanitization is focused on credential redaction.
Audit Metadata