developer-growth-analysis
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill reads the sensitive local file
~/.claude/history.jsonl, which stores a comprehensive record of the user's Claude Code interactions, including proprietary code and potentially sensitive credentials or tokens. This information is summarized and sent to Slack via the Rube MCP toolset, involving the transmission of private local data to an external cloud platform. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it processes untrusted historical chat data without sufficient safeguards. Ingestion points: The
displayandpastedContentsfields in the~/.claude/history.jsonlfile are treated as input for analysis. Boundary markers: The skill's instructions do not include the use of delimiters or 'ignore embedded instructions' warnings for the historical data. Capability inventory: The agent can perform web searches and communicate via Slack using the provided tools. Sanitization: No sanitization or filtering of the chat history content is performed before it is analyzed or included in reports.
Audit Metadata