chat-profile-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive local files including
~/.claude/history.jsonl,~/.claude/usage-data/report.html, and%USERPROFILE%\.local\share\opencode\opencode.db. These files contain private user conversation history and tool usage statistics. This access is the primary intended behavior of the skill for generating personality profiles. - [COMMAND_EXECUTION]: The skill provides Python code templates for the agent to execute in its local environment. These scripts use the
sqlite3library to query and extract message content and metadata from the OpenCode database. - [PROMPT_INJECTION]: The skill processes untrusted chat history data which serves as an indirect prompt injection surface.
- Ingestion points: Local chat log files and SQLite databases.
- Boundary markers: No specific delimiters or instructions are provided to the agent to treat the log content as data rather than instructions.
- Capability inventory: The agent utilizes local file reading and Python code execution capabilities to process the data.
- Sanitization: No sanitization or filtering of the chat log content is implemented before it is analyzed by the AI.
- [EXTERNAL_DOWNLOADS]: The documentation mentions installation using
git cloneornpxfrom the author's GitHub repository (github.com/duckytan/claude-skills), which is documented and relates to the vendor's own resource.
Audit Metadata