Migrating from Codex and Claude Code
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill documentation and scripts reference the access and parsing of '~/.claude/settings.json'. According to the provided reference file 'references/claude-format.md', this file contains sensitive authentication tokens including 'apiKey' and 'customApiKey'. Accessing files that store plaintext credentials poses a security risk.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by ingesting untrusted data from historical sessions.
- Ingestion points: The 'scripts/search.sh' and 'scripts/view-session.sh' scripts read conversation content from JSONL files located in '
/.claude/projects/' and '/.codex/sessions/'. - Boundary markers: No boundary markers or 'ignore' instructions are used when presenting historical message content to the agent.
- Capability inventory: The skill utilizes shell scripts with filesystem read capabilities via 'cat', 'jq', and 'find'.
- Sanitization: No sanitization, escaping, or validation is performed on the historical message strings before they are incorporated into the agent's context.
- [COMMAND_EXECUTION]: The skill provides several Bash scripts ('detect.sh', 'list-sessions.sh', 'search.sh', 'view-session.sh') that execute various system commands to traverse and read the user's home directory. While consistent with the skill's primary purpose, this grants the agent broad read access to sensitive application data directories.
Audit Metadata