skills/wilmanbarrios/skills/worklog/Gen Agent Trust Hub

worklog

Fail

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Persistence mechanism installation. The skill modifies the agent's core configuration file ~/.claude/settings.json to register a UserPromptSubmit hook and uses chmod +x to make the script executable. This ensures the hook script (log-prompt.sh) executes automatically every time the user submits a prompt in future sessions.
  • [DATA_EXFILTRATION]: Automated prompt monitoring and logging. The installed hook script captures the full text of user prompts and the current working directory path, appending them to files in ~/.claude/worklog/. This creates a local repository of sensitive user interaction data that persists on the filesystem.
  • [PROMPT_INJECTION]: Indirect prompt injection surface via worklog processing. The skill reads and summarizes log files that contain raw, unsanitized user prompts.
      • Ingestion points: ~/.claude/worklog/*.md (referenced in SKILL.md, Step 2)
      • Boundary markers: Absent. There are no delimiters or instructions used to distinguish captured log content from the agent's internal instructions.
      • Capability inventory: Read, Glob, Write, Edit, and Bash commands (cat, cp, chmod, ls, date) as defined in the skill's allowed-tools.
      • Sanitization: Absent. The skill processes the raw content of the log files directly into a prose report without escaping or validation.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 20, 2026, 02:17 PM