meditate
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from the knowledge base and project memory, creating an indirect prompt injection surface. Malicious instructions in audited files could influence subagents to suggest harmful actions.
- Ingestion points: brain/ files, CLAUDE.md, and project memory (located in ~/.claude/projects/).
- Boundary markers: Uses file path headers in snapshots but lacks semantic instruction isolation or explicit instructions to ignore embedded directives.
- Capability inventory: File deletion, rewriting, and merging across the knowledge base.
- Sanitization: No sanitization or filtering of the file contents before processing.
- [COMMAND_EXECUTION]: The skill executes a local shell script (snapshot.sh) via the sh command to aggregate project data.
- [DATA_EXFILTRATION]: Aggregated project content and sensitive memories are written to the /tmp/ directory, potentially exposing them to other local users or processes.
Audit Metadata