session-scout
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions and documentation (SKILL.md, README.md) direct the agent to execute a PowerShell script using 'pwsh -ExecutionPolicy Bypass -File D:\admin\scripts\session-scout.ps1'. This bypasses local security configurations and executes code from a path outside the skill's own directory structure.
- [DATA_EXPOSURE]: The skill is designed to scan and extract information from sensitive session storage locations, including '%USERPROFILE%\.claude\projects', '~/.claude/projects', and '%APPDATA%\Claude'. These files (.jsonl and .log) contain private conversation histories, project paths, and session identifiers.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from external session logs and artifacts.
  - Ingestion points: Reads content from *.jsonl (Claude Code) and *.log (OpenCode) files across Windows and WSL distros.
  - Boundary markers: None identified in the provided documentation to distinguish between log data and system instructions.
  - Capability inventory: PowerShell script execution via pwsh, file system traversal across Windows and WSL distros, and CSV export functionality.
  - Sanitization: No evidence of sanitization or escaping of the content read from session logs before processing or display.
- [EXTERNAL_DOWNLOADS]: While no network downloads are explicitly performed, the skill relies on an 'unverifiable dependency' by requiring a script to exist at a specific absolute path ('D:\admin\scripts\session-scout.ps1') which is not included in the skill package itself.