claude-reflect
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Command Execution] (SAFE): Shell scripts are used for local workspace automation, such as analyzing git history and configuring hooks. These actions are standard for development tools and do not involve remote execution.\n- [Indirect Prompt Injection] (LOW): The skill processes data from git commit messages and tool sessions. This data is then formatted into markdown reports, creating a surface for indirect prompt injection.\n
- Ingestion points: Git logs in
scripts/analyze-history.shand session logs inscripts/analyze-sessions.sh.\n - Boundary markers: No explicit delimiters or warnings are used in the generated reports to distinguish between system analysis and ingested data.\n
- Capability inventory: The skill can write files and execute local git/bash commands.\n
- Sanitization: Uses
jqfor structured extraction, but does not sanitize the text content of commits or logs.
Audit Metadata