daily-log
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a bash script with
findandstatto locate session files. The script interpolates a date variable directly, which could present a command injection surface if the input date is not validated by the agent.\n- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection because it summarizes historical logs that may contain untrusted content.\n - Ingestion points: JSONL session files located in
~/.claude/projectsand~/.codex/sessions/.\n - Boundary markers: None; the subagent is instructed to read the raw JSONL content and extract summaries without specific delimiters.\n
- Capability inventory: Local file discovery via bash, file reading, file writing to
~/moz_artifacts/, and subagent task creation.\n - Sanitization: No evidence of content sanitization or validation of the log data before it is processed.\n- [DATA_EXFILTRATION]: Accesses sensitive local data including full interaction histories and code snippets from Claude Code and Codex. This data exposure is necessary for the skill's primary function.
Audit Metadata