context-report
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Data Exposure (LOW): The skill accesses session logs stored in
~/.dotfiles/claude.symlink/projects/. These files contain full chat histories, which are sensitive. However, this access is directly related to the skill's primary purpose. - Indirect Prompt Injection (LOW): The skill ingests untrusted data from session logs which could contain malicious instructions designed to influence the agent reading the resulting report.
- Ingestion points:
.jsonlfiles located in the project subdirectories. - Boundary markers: Absent; data is processed and printed directly to the output.
- Capability inventory: The skill uses local bash commands (
jq,grep,cat, etc.) to parse and aggregate data. - Sanitization: Absent; the script extracts raw strings from the logs using
jqwithout escaping or filtering. - Command Execution (SAFE): The skill uses a strictly defined list of allowed tools (
jq,find,wc, etc.) and performs local data processing only. No network activity or unauthorized system modifications were detected.
Audit Metadata