session-inspector

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses sensitive application data stored in ~/.claude/projects/ and ~/.claude/plans/. These directories contain detailed conversation logs and project planning documents. It also includes functionality to transmit this data to external GitHub issues and pull requests via the create-pr-from-session command.
  • [COMMAND_EXECUTION]: The skill utilizes the erk CLI tool (erk exec) and invokes the claude CLI via subprocess in the distill_with_haiku function to process and summarize session information.
  • [PROMPT_INJECTION]: The extract-session-from-issue command fetches and processes content from GitHub issues. This introduces an indirect prompt injection surface where external content from GitHub comments could influence the agent's context during extraction.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 03:21 AM