Conversation Export
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands, specifically
bashandjq, to read and extract data from Claude Code's local JSONL session files. It also utilizesrmfor individual file deletion during batch management tasks. - [EXTERNAL_DOWNLOADS]: The integration guide recommends the installation of external Model Context Protocol (MCP) servers from well-known organizations, such as the official Notion MCP server.
- [DATA_EXFILTRATION]: The skill is designed to transmit conversation content to external platforms (Notion, Feishu). This operation is conducted through the user's own pre-configured MCP infrastructure.
- [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection because it ingests and processes untrusted conversation history for summarization and export.
- Ingestion points: Reads active conversation memory and session JSONL files (SKILL.md).
- Boundary markers: Employs Markdown headers and separators to distinguish between user and assistant content (references/format-templates.md).
- Capability inventory: Possesses file write access and network communication via MCP tools (SKILL.md).
- Sanitization: Documentation specifies HTML entity escaping for code content in HTML exports (references/format-templates.md).
Audit Metadata