sync-feedback
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection surface: The skill processes session transcripts from `~/.claude/learnings/sessions/` using an LLM to identify feedback. While an attacker could theoretically insert malicious instructions into a session transcript to influence the extraction, the workflow requires an explicit manual review and approval step (`/sync-feedback --review`) before any data is exported or acted upon.
  - Ingestion points: `~/.claude/learnings/sessions/` (SKILL.md)
  - Boundary markers: Absent in the processing instructions.
  - Capability inventory: Local file manipulation, Python script execution, and interactive usage of the GitHub CLI.
  - Sanitization: Not explicitly implemented in the skill instructions; the system relies on human validation of the extracted markdown content.
- [COMMAND_EXECUTION]: The skill executes a local script (`process-sessions.py`) via Python 3 and uses standard system utilities like `find` and `grep` for file management. These operations are scoped to the skill's own directory and the user's local feedback repository.
Audit Metadata