claude-code-history-files-finder
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: The skill facilitates access to Claude Code session logs in ~/.claude/projects/. These files contain historical conversation data, source code, and potentially sensitive environment variables or credentials used in past sessions. Accessing these paths is a sensitive data exposure risk, although the skill lacks network capabilities to exfiltrate the data.
- [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface because it processes untrusted historical session logs. Malicious instructions embedded in these logs could potentially influence the agent's behavior during analysis or recovery.
- [PROMPT_INJECTION]: Evidence Chain for indirect prompt injection: 1. Ingestion points: scripts/analyze_sessions.py and scripts/recover_content.py read session files. 2. Boundary markers: Absent. 3. Capability inventory: File system read and write. 4. Sanitization: Absent.
Audit Metadata