search-past-chats

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill exposes the agent to indirect prompt injection by retrieving untrusted historical conversation data.
      • Ingestion points: Data enters the current context from project chat history via search-history.js and get-session.js.
      • Boundary markers: The instructions do not define clear delimiters or use 'ignore' directives for the retrieved content.
      • Capability inventory: The agent has the ability to execute local shell commands to run Node.js scripts.
      • Sanitization: There is no documented sanitization or filtering of the content retrieved from previous sessions.
  • [COMMAND_EXECUTION] (LOW): The skill triggers the execution of local JavaScript files via the system shell.
      • Evidence: node "${CLAUDE_PLUGIN_ROOT}/scripts/search-history.js" "<query>".
      • Context: While typical for tool integration, executing commands with user-provided arguments requires the environment to ensure safe parameter handling.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:48 PM