my-session-analyzer
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses the directory
~/.claude/projects/to read session records. This path contains internal logs, tool call histories, and assistant/user messages from previous sessions, which may expose sensitive information processed during those interactions. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the parsing of untrusted log data.
- Ingestion points: Reads and processes content from historical session files in
~/.claude/projects/and variousSKILL.mdfiles. - Boundary markers: There are no defined delimiters or safety instructions to prevent the agent from being influenced by malicious commands embedded within the session logs being analyzed.
- Capability inventory: The skill has read access to project files and session history, and it utilizes
AskUserQuestionto facilitate potential file modifications based on its analysis. - Sanitization: The skill does not implement sanitization or filtering for the content extracted from the execution records before presenting it to the agent for evaluation.
Audit Metadata