claude-tail
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Unverifiable Dependency (MEDIUM): The skill instructions depend on a command-line tool called
claude-tailwhich is not part of the standard environment and has no provided installation source, version, or checksum. This makes the integrity of the executable unverifiable. - Indirect Prompt Injection (MEDIUM): The skill is designed to read and analyze Claude Code session logs from
~/.claude/sessions/*.jsonl. These logs contain untrusted content from previous AI interactions. If an attacker can influence the content of a log (e.g., via a previous interaction), they could embed instructions that trigger when the agent processes the log for filtering or summarization. No boundary markers or sanitization steps are defined for this ingestion. - Command Execution (LOW): The usage examples involve executing shell commands with complex arguments and command substitution (e.g.,
$(ls -t ... | head -1)) to locate session files, which is a standard but sensitive operation.
Audit Metadata