session-index
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of the `claude-session-index` package via `pip`. This package and its author ('Lee Fuhr') are not among the trusted sources or organizations specified in the security framework.
- [COMMAND_EXECUTION] (LOW): The skill instructions direct the agent to construct and execute shell commands (e.g., `sessions "keywords"`) by interpolating user input directly into command strings, which could lead to command argument injection if keywords are not properly sanitized.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data from previous Claude Code sessions stored in `~/.session-index/sessions.db`. Malicious instructions embedded in past conversations could be re-activated during the 'synthesis' phase.
  - Ingestion points: Session data is read from `~/.session-index/sessions.db` and `~/.claude/session-topics/`.
  - Boundary markers: No specific delimiters or 'ignore' instructions are provided when interpolating session history into the synthesis task.
  - Capability inventory: Includes `bash` command execution and the ability to spawn sub-tasks using the `haiku` model.
  - Sanitization: No sanitization or validation of the retrieved session content is mentioned.
Audit Metadata