developer-growth-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses the
~/.claude/history.jsonlfile, which contains a history of user messages, project context, and pasted content. This file can frequently contain sensitive information, proprietary code, or credentials accidentally pasted during development sessions. The skill processes this data and transmits summarized reports to an external Slack workspace, creating a data flow from private local logs to a network endpoint. - [COMMAND_EXECUTION]: The skill utilizes the RUBE_SEARCH_TOOLS and RUBE_MULTI_EXECUTE_TOOL from the Rube MCP server to execute network-based searches on HackerNews and to perform interactions with the Slack API.
- [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection (Category 8) because it processes untrusted data from the user's past chat history. If the history logs contain malicious instructions (e.g., from a code snippet the user was debugging), these could influence the agent's analysis or the content of the generated report sent to Slack.
- Ingestion points: Historical chat data read from
~/.claude/history.jsonl. - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to separate the untrusted history content from the analysis logic.
- Capability inventory: Access to local files and the ability to send messages to Slack and search the web.
- Sanitization: No explicit sanitization or filtering of the historical chat content is described before it is used to generate the analysis.
Audit Metadata