analytics-export
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (HIGH): Arbitrary file write and overwrite through unsanitized output path redirection.
  - Evidence: In `SKILL.md`, the script takes a user-provided `OUTPUT_FILE` argument and uses it directly in shell redirection: `cat "${SUMMARY_FILE}" > "${OUTPUT_FILE}"`, `{ ... } > "${OUTPUT}"`.
  - Risk: An attacker can specify paths such as `~/.bashrc`, `~/.ssh/authorized_keys`, or `/etc/cron.d/malicious_job` to gain persistence or elevate privileges. Even though the content being written is analytics data, the ability to destroy or modify these files is a significant security risk.
- INDIRECT_PROMPT_INJECTION (HIGH): Vulnerability to data poisoning from processed analytics files.
  - Ingestion points: `~/.claude-analytics/summary.json` and `~/.claude-analytics/events.jsonl` are read and processed.
  - Boundary markers: Absent. The data is parsed and directly interpolated into the output stream.
  - Capability inventory: Arbitrary file write capability through redirection.
  - Sanitization: Absent. The script uses `jq` to extract keys and values from the analytics files and prints them directly into CSV or Markdown tables. If an attacker can influence the name of a command or skill that gets logged (e.g., by executing a command with a malicious name), they can inject content into the exported files.
- DATA_EXFILTRATION (LOW): Reading of internal analytics data.
  - Evidence: The skill accesses `~/.claude-analytics/summary.json`, which contains metadata about the user's interaction history with the agent.
Recommendations
- AI detected serious security threats
Audit Metadata