Skills
skills/gupsammy/claudest/get-token-insights/Gen Agent Trust Hub

get-token-insights

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted conversation logs and feeds extracted insights into a subagent, creating a surface for indirect prompt injection.
  • Ingestion points: The scripts/ingest_token_data.py script reads JSONL files from the ~/.claude/projects/ directory.
  • Boundary markers: Absent; the instructions in SKILL.md (Step 1.5) direct the agent to include verbatim text from findings in the subagent prompt without explicit delimiters or safety warnings.
  • Capability inventory: The subagent has access to Bash, Agent, and AskUserQuestion tools.
  • Sanitization: Absent; data extracted from logs (findings, root causes) is passed directly into the next agent prompt without escaping or validation.
  • [DATA_EXFILTRATION]: The skill accesses local directories containing sensitive conversation history and session databases.
  • Evidence: scripts/ingest_token_data.py accesses ~/.claude/projects/ and ~/.claude-memory/conversations.db to parse and store analytics data. This behavior is associated with the skill's primary purpose of providing token usage insights.
  • [EXTERNAL_DOWNLOADS]: The generated dashboard template fetches resources from well-known services.
  • Evidence: templates/dashboard.html fetches the Chart.js library from cdn.jsdelivr.net and typography from fonts.googleapis.com and fonts.gstatic.com.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 05:32 PM