session-report
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
Full Analysis
- [Sensitive Data Access]: The skill reads session transcripts from the ~/.claude/projects directory to calculate usage statistics. This is the intended functionality of the diagnostic tool.
- [Data Exposure in Report]: The generated HTML file includes a JSON payload containing session summaries, prompt text, and transcript context. While this allows for an interactive report, users should treat the resulting HTML file as sensitive information if they plan to share it.
- [Indirect Prompt Injection Surface]: The skill processes historical session data (user and assistant messages). Malicious content in past transcripts could theoretically influence the summary findings, although the script primarily focuses on metadata such as token counts and timestamps.
Audit Metadata