session-export
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses session logs stored in
~/.claude/projects/. This access is necessary for the skill's primary purpose of exporting conversation history and is performed locally without transmitting data over the network.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface when generating summaries of previous chat logs. - Ingestion points:
session_export.pyreads raw JSONL logs from the local Claude projects directory. - Boundary markers: The script uses Markdown headers (
## Userand## Assistant) to delimit message content in the exported file. - Capability inventory: The skill performs local file read and write operations and provides instructions for the AI to summarize the generated output.
- Sanitization: The script includes a
strip_ansifunction to remove terminal formatting codes from the log content before processing.
Audit Metadata