rrr

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several system commands like git log, git diff, ls, and mkdir to gather session information and manage retrospective files.
  • [REMOTE_CODE_EXECUTION]: The skill executes an external Python script located at ~/.claude/skills/dig/scripts/dig.py. This relies on a file existing outside the skill's controlled environment.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It reads git commit history and project files which could contain malicious instructions designed to influence the agent's output during the retrospective generation.
      • Ingestion points: Git log and diff output, as well as JSON files in ψ/data/pulse/ (SKILL.md).
      • Boundary markers: No delimiters or warnings are used to isolate ingested data from the generation instructions.
      • Capability inventory: The skill can write to the local file system and interact with the oracle_learn tool (SKILL.md, DEEP.md).
      • Sanitization: No filtering or validation is performed on the data retrieved from the project environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 12:47 AM