conversation-history-setup
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The shell script `scripts/index-history.sh` executes pre-compiled binaries (ch-index-all-*) based on the system architecture. These binaries are not provided in source form, making their operations unverifiable.
- [REMOTE_CODE_EXECUTION]: The execution of opaque, unverified binaries is a high-risk behavior that grants the software full access to the user's environment and sensitive data without oversight.
- [PROMPT_INJECTION]: The skill processes historical conversation data, creating a potential vector for indirect prompt injection.
  - Ingestion points: Conversation files in `~/.claude/projects/` as described in `SKILL.md`.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the scripts.
  - Capability inventory: Subprocess execution of binaries in `scripts/index-history.sh`.
  - Sanitization: No evidence of sanitization of the content from `~/.claude/projects/` is found in the provided files.
Recommendations
- AI detected serious security threats
Audit Metadata