analyze-usage
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local command-line tools including duckdb, find, stat, and jq to aggregate data and manage a persistent database. This is a standard operation for the tool's analytical purpose.
- [PROMPT_INJECTION]: The skill ingests data from external logs which may contain untrusted content, creating an indirect prompt injection surface. Evidence Chain: (1) Ingestion points: Claude Code JSONL logs and Cursor SQLite databases. (2) Boundary markers: None specific. (3) Capability inventory: Local file read/write and SQL execution. (4) Sanitization: Escaping of single quotes and structured JSON extraction.
- [SAFE]: The tool operates entirely on local data and does not perform network operations. Sensitive file access to chat logs is restricted to the tool's primary stated purpose.
Audit Metadata