learn-from-session
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands including find, jq, grep, and cat to locate and parse session data files. These commands are executed on paths derived from user-provided session identifiers.
- [DATA_EXFILTRATION]: The skill accesses sensitive interaction logs stored in the ~/.claude/projects directory. These logs contain session history, code snippets, and potentially sensitive information from previous agent interactions. It also writes detailed analysis logs to the /tmp directory.
- [PROMPT_INJECTION]: High risk of indirect prompt injection because the skill reads and interprets session files (JSONL) which contain untrusted user and assistant messages.
  1. Ingestion points: ~/.claude/projects/*.jsonl, user commentary, and skill files.
  2. Boundary markers: Absent for the session content during parsing.
  3. Capability inventory: filesystem read/find, shell execution (jq, grep), and /tmp file writes.
  4. Sanitization: No evidence of sanitization, escaping, or filtering of historical interaction data before it is re-processed by the agent.