meeting-insights-analyzer
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Persistence Mechanism (MEDIUM): The `install-hook` script (referenced in `DEPLOYMENT.md`) installs a permanent hook at `~/.claude/hooks/sessionEnd`. This script automatically triggers the indexing process after every session. While this is the core functionality of the 'Remembering Conversations' skill, creating persistent execution hooks is a medium-risk behavior.
- Sensitive Data Access (MEDIUM): The indexing system reads and processes historical conversation logs stored in `~/.config/superpowers/conversation-archive/`. Accessing full conversation history is high-sensitivity; while necessary for the stated search functionality, it constitutes a significant data exposure risk if the agent is compromised.
- Indirect Prompt Injection (LOW): The `summarizer.ts` logic and `search-agent.md` templates ingest untrusted data from past conversations. There is a risk that malicious instructions embedded in historical logs could influence the LLM during summarization or search synthesis.
  - Ingestion points: `~/.config/superpowers/conversation-archive/**/*.jsonl` processed in `parser.ts` and `summarizer.ts`.
  - Boundary markers: Uses `<summary>` tags in `summarizer.ts` and structured markdown sections in `search-agent.md`.
  - Capability inventory: Local file read/write (`fs`), network access via the Anthropic SDK, and local command execution via shell scripts.
  - Sanitization: No explicit escaping or filtering of historical conversation content is performed before interpolation into prompts.
- Command Execution (LOW): The `sharing-skills` component facilitates execution of `git` and `gh` (GitHub CLI) commands for branch management and PR creation, which involves remote interaction and credential usage.