Warn
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The 'Post-Execution Reflection' section contains instructions for the agent to self-modify the 'SKILL.md' file based on execution outcomes ('fix this file immediately'). This 'Self-Evolving' mechanism can be exploited to persistently alter the skill's instructions if the agent is manipulated by malicious data during a session.
- [DATA_EXFILTRATION]: The skill's primary purpose is to bundle and upload user session logs from '~/.claude/projects/' to an external Cloudflare R2 bucket. This exposes sensitive local development history and interaction context to a remote endpoint.
- [CREDENTIALS_UNSAFE]: The workflow relies on the 1Password CLI ('op') to provide secrets for the upload process, which involves the agent programmatically handling sensitive credentials.
- [COMMAND_EXECUTION]: The skill executes multiple shell scripts ('scripts/bundle.sh', 'scripts/sanitize.sh') and system tools ('aws', 'bun', 'brotli'), creating a broad surface for command-related vulnerabilities.
Audit Metadata