token-stats

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it processes session data without sufficient sanitization before rendering.
  • Ingestion points: Reads conversation history from JSONL logs in ~/.claude/projects/ within both token_calendar.py and token_stats.py.
  • Boundary markers: Absent; log content is directly interpolated into HTML templates via JSON replacement.
  • Capability inventory: Generates HTML reports in temporary directories and opens them in a browser via subprocess.run().
  • Sanitization: Absent; the frontend JavaScript uses innerHTML to display model names and project identifiers, creating a Cross-Site Scripting (XSS) vector if session logs contain malicious payloads.
  • [COMMAND_EXECUTION]: The scripts execute system utilities (open, xdg-open) using subprocess.run() to display the generated visualizations to the user.
  • [EXTERNAL_DOWNLOADS]: Fetches visualization libraries (Chart.js) from the jsDelivr CDN and font styles from Google Fonts to enhance the report presentation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 14, 2026, 11:34 AM