conversation-search
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by retrieving and outputting raw data from previous conversation logs. This could allow instructions from past sessions to influence the agent's current behavior.
- Ingestion points: Reads historical conversation data from JSONL files located in ~/.claude/projects/.
- Boundary markers: The output does not use clear delimiters or warnings to separate historical content from current instructions.
- Capability inventory: While the search script itself only performs read operations and text processing, the agent utilizing this skill typically possesses significant capabilities like command execution.
- Sanitization: The script does not perform any sanitization or filtering of the retrieved message content before presenting it to the agent.