reflect
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill leverages file system tools including
WriteandEditto modify files in.claude/skills/or~/.claude/skills/. This allows the agent to update its persistent memory but constitutes modification of executable instructions. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as its core function is to derive rules from untrusted session data.
- Ingestion points: Historical messages are sourced from the
ccrecall.dbSQLite database and the current conversation context. - Boundary markers: The skill does not employ specific delimiters to prevent the agent from interpreting instructions contained within the analyzed history.
- Capability inventory: The skill can perform
WriteandEditoperations on its own skill files. - Sanitization: A critical manual approval step is included, which asks the user to confirm proposed changes before they are committed to disk.
Audit Metadata