history-insight

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands including find, stat, split, and jq to locate and parse session data. It dynamically constructs paths to access ~/.claude/projects/, which contains sensitive conversation logs stored by the Claude Code environment.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by processing untrusted historical data.
      • Ingestion points: Reads historical session logs from the local filesystem (~/.claude/projects/**/*.jsonl) containing past user and assistant messages.
      • Boundary markers: No delimiters or safety instructions are observed when the extracted historical text is passed to subagents (Task(model="opus")) for analysis.
      • Capability inventory: The skill can spawn subagents and perform various file system operations.
      • Sanitization: The skill extracts raw text from logs using jq without sanitizing the content for potential instructions that might influence the LLM's behavior during the analysis phase.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 11:03 AM