smart-init
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive local conversation history files stored in directories like
~/.claude/projects/to extract patterns and corrections, exposing private user interaction logs to the agent's context.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from project files and conversation history to seed the 'Oracle' knowledge base.\n - Ingestion points:
scripts/discover.pyreads project files and interaction logs;SKILL.mdinstructs codebase and documentation analysis.\n - Boundary markers: No specific delimiters or warnings are used to prevent the agent from obeying instructions embedded within the analyzed data.\n
- Capability inventory: The skill uses
Writeto create persistent knowledge entries andBashto execute discovery scripts.\n - Sanitization: No sanitization or filtering of external content is performed before it is used to define project patterns.\n- [EXTERNAL_DOWNLOADS]: The skill recommends the installation of the
@upstash/context7-mcppackage from a well-known service to provide current library documentation.\n- [COMMAND_EXECUTION]: Executes a local Python script and various shell commands (find, grep, git) to gather information about the project environment.
Audit Metadata