Skills
skills/soul-brews-studio/oracle-skills-cli/dig/Gen Agent Trust Hub

dig

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Potential for indirect prompt injection. The skill extracts and displays summaries and messages from past Claude Code sessions. If a past session contains malicious instructions, the agent processing the output of this skill might inadvertently follow them.
  • Ingestion points: scripts/dig.py reads session history from .jsonl files in ~/.claude/projects/.
  • Boundary markers: The rendering instructions in SKILL.md do not include delimiters or warnings to ignore embedded instructions.
  • Capability inventory: The skill performs read-only operations using ls and python3.
  • Sanitization: The script truncates session summaries and message snippets to 80 characters.
  • [COMMAND_EXECUTION]: The skill executes the ls command to discover project directories and the ghq list -p command within the Python script to resolve repository paths.
  • [DATA_EXFILTRATION]: The skill accesses sensitive interaction logs in ~/.claude/projects/, which contain private conversation history and metadata from past sessions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 05:31 AM