scout-pro
Warn
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill is specifically instructed to access and analyze the contents of the `~/.claude/` directory, including session history, rules, and project memory files. These directories are internal to the AI agent's environment and typically contain sensitive conversation context, private project data, and application configurations.
- [COMMAND_EXECUTION]: The skill performs extensive file system operations using `Read`, `Glob`, and `Grep` on absolute paths (e.g., `/Users/gabe/claude-skills/`) and internal hidden directories. This behavior grants the agent visibility into the local file system beyond the immediate workspace.
- [PROMPT_INJECTION]: The skill relies on 'Deep Context Analysis' by ingesting untrusted data from previous conversation histories and external session files (`session-context.md`). This historical data can contain malicious instructions from previous sessions that could influence the agent's current orchestration logic or skill recommendations through indirect prompt injection.
  - Ingestion points: Reads full conversation history and internal memory files from `~/.claude/`.
  - Boundary markers: None provided to distinguish between historical instructions and data.
  - Capability inventory: Can execute network requests (`WebFetch`), file reads, and search operations based on processed history.
  - Sanitization: No evidence of input validation or instruction filtering for historical data.
- [SAFE]: The skill includes a logging mechanism to track performance and recommendations. While this involves writing a persistent state file (`scout-pro-usage-log.json`), the activity is aligned with its stated purpose of improving recommendations over time.
Audit Metadata