timeline-report

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands using git rev-parse and basename to determine the project context, and instructs a subagent to use sqlite3 for querying data.
  • [DATA_EXFILTRATION]: Accesses the local filesystem to read a sensitive database file at ~/.claude-mem/claude-mem.db to extract token usage and project metrics.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes large amounts of untrusted historical data from the project timeline.
      • Ingestion points: Fetches complete project history (observations, summaries, and facts) from a local API at http://localhost:37777.
      • Boundary markers: Absent. The timeline content is inserted directly into the subagent's prompt without delimiters or instructions to treat the ingested text as potentially malicious data.
      • Capability inventory: The analyzing subagent has the ability to execute shell commands (sqlite3), read local databases, and write markdown files to the local directory.
      • Sanitization: No sanitization or filtering is applied to the project observations before they are passed to the LLM for analysis.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 26, 2026, 07:19 AM