Remembering Conversations
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (flagged category: PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection during the hierarchical summarization process: archived conversation text is placed into the summarization prompt as-is, so instructions planted in an earlier conversation can steer the generated summary.
  - Ingestion points: `tool/src/parser.ts` reads conversation history from `.jsonl` files stored in `~/.config/superpowers/conversation-archive/`.
  - Boundary markers: the `summarizeConversation` function in `tool/src/summarizer.ts` interpolates raw conversation text directly into the LLM prompt without robust delimiters (e.g. XML tags or randomized separators) or escaping, so a malicious conversation history can influence the summary output.
  - Capability inventory: the summarization process has network access to the Anthropic API via `@anthropic-ai/claude-agent-sdk` and file write access to save the resulting summaries. No other tools are reachable from the summarizer, so a successful injection is limited to shaping what gets written into those summaries.
  - Sanitization: no sanitization or filtering is performed on the conversation content before it is interpolated into the prompt.
- DATA_EXFILTRATION (SAFE): The skill transmits conversation data to the Anthropic API for summarization. This is the primary intended behavior of the skill and uses the official Claude Agent SDK. Per [TRUST-SCOPE-RULE], calls to established vendor APIs for the skill's core purpose are considered safe.
- COMMAND_EXECUTION (SAFE): The skill includes shell scripts (`tool/migrate-to-config.sh`, `tool/test-install-hook.sh`) for maintenance and deployment. These scripts use standard system commands (`cp`, `mkdir`, `sqlite3`, `chmod`) for their stated purposes and do not exhibit malicious intent or privilege escalation.
Audit Metadata