conversation-archaeologist
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- Data Exposure (HIGH): The skill is explicitly designed to 'Mine ALL past Claude conversations.' This grants it access to PII, credentials, or business secrets shared in any historical session.
- Indirect Prompt Injection (HIGH): The skill ingests historical data via 'conversation_search' to create a 'User Manual' that influences 'all other skills'. This creates a high-severity injection surface.
  - Ingestion points: Historical chat logs via 'conversation_search' and 'recent_chats' tools.
  - Boundary markers: Absent. There are no instructions to distinguish historical data from current instructions.
  - Capability inventory: The resulting profile is designed to 'Make all other skills smarter,' giving it significant influence over downstream agent behavior.
  - Sanitization: Absent. Malicious instructions embedded in past conversations could be extracted and promoted to a system-level behavioral guideline.
Recommendations
- AI detected serious security threats