my-history-insight
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill performs file system operations to locate and read session history files within the sensitive `~/.claude/projects/` directory. Accessing application-specific metadata and history logs can expose previous code snippets, project structures, and user-provided information.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes historical session data as input for analysis. If a past session contains adversarial instructions (e.g., content from a malicious file or website processed in a previous session), these could influence the sub-agents during the summarization or pattern-finding steps.
  - Ingestion points: Historical `.jsonl` session files located in `~/.claude/projects/`.
  - Boundary markers: None identified; the skill directly extracts and processes content with `role: user` without delimiters or instruction-ignore warnings.
  - Capability inventory: Recursive file reading, session content extraction, and multi-agent textual analysis.
  - Sanitization: No evidence of sanitization or filtering for the extracted content before it is passed to the analysis agents.
Audit Metadata