save-conversation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill is hosted at HartreeWorks/skill--save-conversation, which is not a trusted repository source.
- DATA_EXFILTRATION (HIGH): The skill is designed to read and process sensitive session logs from ~/.claude/projects/. This directory contains the user's private interaction history, which may include code, secrets, or personal data.
- COMMAND_EXECUTION (HIGH): The skill requires the agent to execute a Python script (export.py) downloaded from an untrusted source. This script is granted read access to the user's private session history.
- PROMPT_INJECTION (MEDIUM): (Category 8) Ingestion point: ~/.claude/projects/*.jsonl; Boundary markers: None; Capability: Read session logs and write files; Sanitization: None. This surface allows previously stored malicious instructions in chat logs to be re-executed or manipulated during the export process.
Recommendations
- AI detected serious security threats