recall-reasoning

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill executes local Python and Bash scripts (artifact_query.py, search-reasoning.sh) to access internal history logs. These operations are restricted to the local filesystem.
  • [PROMPT_INJECTION] (LOW): This finding relates to Indirect Prompt Injection (Category 8). The skill reads historical handoffs and reasoning files, which could contain instructions that might influence the agent if the history is contaminated.
    1. Ingestion points: Data is pulled from the artifact index and .git/claude/ reasoning files.
    2. Boundary markers: No specific delimiters or safety instructions are defined to separate historical content from current instructions.
    3. Capability inventory: The skill has the ability to execute local commands and read files.
    4. Sanitization: No sanitization or filtering of historical content is mentioned in the usage documentation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 05:46 PM