insights
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill reads and processes session transcripts from `~/.claude/projects/`, which introduces an indirect prompt injection surface where historical message content could influence current analysis.
  - Ingestion points: JSONL transcript files located in `~/.claude/projects/*/`.
  - Boundary markers: None; transcripts are read and scanned directly for patterns.
  - Capability inventory: Limited to `Read`, `Glob`, and `ls` tools. No network access or file-write capabilities are requested.
  - Sanitization: No explicit sanitization or filtering of transcript content is performed.
- [COMMAND_EXECUTION]: The skill utilizes `ls -lt ~/.claude/projects/*/` to identify and sort project-specific transcript files. This is a standard and safe use of shell commands for local file discovery.
Audit Metadata