ruminate
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive user data by reading conversation logs from
~/.claude/projects/and~/.codex/sessions/. This exposure of private chat history is necessary for the skill's primary function but involves handling highly personal information. - [COMMAND_EXECUTION]: The process involves executing a shell script from another skill (
.claude/skills/meditate/scripts/snapshot.sh) and a local Python script for data extraction. These executions are confined to the local environment. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks when processing untrusted historical data.
- Ingestion points: The skill ingests raw text from past conversation JSONL files via the
extract-conversations.pyscript. - Boundary markers: No explicit delimiters or 'ignore' instructions are used in the prompts for the analysis sub-agents to prevent the execution of instructions found within the logs.
- Capability inventory: The skill possesses the ability to spawn sub-agent teams (
TeamCreate) and execute local scripts. - Sanitization: No sanitization or filtering of the historical message content is performed prior to analysis.
Audit Metadata