Remembering Conversations
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
install-hookscript establishes a lifecycle hook at~/.claude/hooks/sessionEndto automate the indexing of conversation data at the end of each session. - [DATA_EXFILTRATION]: Conversation content is read from local logs and sent to the Anthropic API via the official SDK to generate summaries for the search index.
- [EXTERNAL_DOWNLOADS]: The skill downloads the
all-MiniLM-L6-v2embedding model from Hugging Face during the initial configuration. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted historical conversation data. Ingestion points:
~/.claude/projects/*.jsonlfiles containing previous user and assistant messages. Boundary markers: The subagent template (search-agent.md) provides structural headers but lacks robust delimiters for the ingested data. Capability inventory: File system access (read/write), network API calls (summarization), and CLI tool execution. Sanitization: Conversation content is summarized and indexed without explicit sanitization or filtering.
Audit Metadata