review-claudemd
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill utilizes shell commands (`ls`, `sed`, `jq`, `grep`) to navigate the file system and process conversation logs. These operations are intended for the skill's primary function but involve automated local file access.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted data from past interactions to update configuration files.
  - Ingestion points: Historical conversation logs located in `~/.claude/projects/*.jsonl` (File: SKILL.md).
  - Boundary markers: Absent; the prompt template provided to subagents does not include delimiters or instructions to ignore embedded commands (File: SKILL.md).
  - Capability inventory: The skill results are used to propose modifications to `CLAUDE.md` files, which act as persistent configuration for the agent (File: SKILL.md).
  - Sanitization: Absent; the extraction process uses `jq` for structural mapping but does not filter the text content for malicious prompt injection patterns (File: SKILL.md).
Audit Metadata