cc-history
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill provides patterns for reading and analyzing historical conversation logs which serve as an ingestion point for untrusted data. There is a risk that an agent analyzing these logs might interpret historical malicious instructions as current commands if not properly sandboxed.
- Ingestion points: JSONL files located in
~/.claude/projects/. - Boundary markers: Absent. The provided command examples (e.g.,
jq,grep) do not include logic to distinguish between data and instructions. - Capability inventory: File system read and text processing via
ls,grep,jq,sed, andfindas documented in SKILL.md. - Sanitization: None. The skill assumes the logs are processed as raw data.
- [COMMAND_EXECUTION] (LOW): The documentation provides multiple bash and jq snippets. While intended for local analysis, these are suggested for execution by the agent or user.
- [DATA_EXPOSURE] (SAFE): While the skill targets files in
~/.claude/projects/, these are internal application logs meant for the user's own analysis and are not transmitted externally.
Audit Metadata