claude-history-ingest
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection surface. The skill is designed to ingest and distill untrusted data from Claude Code conversation transcripts located in
~/.claude. - Ingestion points:
~/.claude/projects/*/*.jsonl(Conversation logs) and~/.claude/projects/*/memory/*.md(Memory files). - Boundary markers: Absent. The instructions do not specify delimiters or provide 'ignore' directives for the content of the logs being processed.
- Capability inventory: The agent performs local file read and write operations across the history directory and the Obsidian vault. No network access or command execution tools are utilized.
- Sanitization: The skill includes explicit instructions to skip secrets, API keys, and sensitive content, and to verify ambiguous data with the user. This reduces risk but does not eliminate the ingestion surface.
Audit Metadata