claude-code-history-files-finder

Fail

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
  • [Data Exposure & Exfiltration] (HIGH): The skill is designed to programmatically access and extract data from ~/.claude/projects/. These session history files are highly sensitive as they contain complete logs of previous AI interactions, which often include source code, absolute file paths, and hardcoded credentials or API keys (as acknowledged in the skill's own documentation).
  • [Unverifiable Dependencies] (MEDIUM): The skill relies on two Python scripts (analyze_sessions.py and recover_content.py) that were not provided in the analysis package. The skill instructs the agent to execute these scripts, which constitutes the execution of unverified logic.
  • [Indirect Prompt Injection] (LOW): The skill possesses a surface for indirect prompt injection by ingesting untrusted session data from past interactions. Ingestion points: JSONL session files in ~/.claude/projects/. Boundary markers: none identified in documentation. Capability inventory: file reading and writing via referenced Python scripts. Sanitization: none automated; documentation only suggests manual verification by the user.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 23, 2026, 05:28 AM