Remembering Conversations
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from historical conversation logs, which presents a surface for indirect prompt injection attacks.
  - Ingestion points: Reads conversation files in JSONL format from ~/.claude/projects/ and ~/.config/superpowers/conversation-archive/ (see indexer.ts and parser.ts).
  - Boundary markers: Employs specific system prompts in summarizer.ts to enforce a factual, non-conversational summary format (e.g., "Output ONLY the summary - no preamble").
  - Capability inventory: The tool chain allows reading project logs, writing to local archive directories, and making network requests to the Anthropic API via the Claude Agent SDK.
  - Sanitization: Uses hierarchical summarization in summarizer.ts to process large logs in chunks, which reduces the likelihood of an embedded injection successfully influencing the final synthesized output.
- [SAFE]: Network activity is restricted to well-known and trusted services, including Anthropic's API for summarization and Hugging Face for model weights.
- [SAFE]: The auto-indexing persistence mechanism (installed via install-hook) is documented and includes a safe installation process that creates backups and supports merging with existing hooks.
- [SAFE]: No obfuscated code, hidden URLs, or hardcoded credentials were found during the analysis.
Audit Metadata