meditate
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its automated processing of project content.
  - Ingestion points: Markdown files from the 'brain/', '.agents/skills/', and '~/.claude/projects//memory/' directories are aggregated into a single snapshot (Step 1 in SKILL.md).
  - Boundary markers: Files are separated by '=== path ===' headers in the snapshot script, but no explicit instructions are provided to sub-agents to ignore instructions contained within the ingested data.
  - Capability inventory: The skill can autonomously apply changes, including updating or deleting files based on sub-agent reports (Step 6 in SKILL.md).
  - Sanitization: The aggregated content is not sanitized or validated before being analyzed by sub-agents.
- [COMMAND_EXECUTION]: The skill executes a local shell script 'scripts/snapshot.sh' to generate snapshots of project data. The script uses standard utilities like find and cat to collect file contents and does not interact with the network.