developer-growth-analysis
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses the sensitive local file ~/.claude/history.jsonl. This file contains user queries, project details, and code snippets that may include proprietary logic or credentials. This information is summarized and transmitted to an external Slack workspace via the RUBE_MULTI_EXECUTE_TOOL. The instructions do not include steps to identify or redact sensitive secrets (like API keys or passwords) that may be present in the chat logs before transmission.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes raw chat history data without sanitization.
  - Ingestion points: The skill reads from ~/.claude/history.jsonl, which contains untrusted text from prior chat messages and pasted contents.
  - Boundary markers: Absent. The instructions do not specify the use of delimiters or clear separation between the ingested history and the agent's instructions, nor do they instruct the agent to ignore embedded commands.
  - Capability inventory: The skill has the capability to read local files, perform web searches via RUBE_SEARCH_TOOLS, and send messages to Slack using RUBE_MULTI_EXECUTE_TOOL.
  - Sanitization: Absent. There is no logic provided to filter or escape malicious strings or instructions that might be embedded in the user's history.
Audit Metadata