Remembering Conversations
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Data Exposure & Exfiltration (MEDIUM): The skill reads personal conversation archives from ~/.config/superpowers/conversation-archive/ and transmits snippets to the Anthropic API for summarization. Although the destination is a trusted SDK provider, the systematic processing of sensitive user history is a significant data access risk. Evidence: tool/src/summarizer.ts, tool/src/paths.ts.
- Persistence & Command Execution (MEDIUM): The install-hook script establishes a persistent execution mechanism by modifying ~/.claude/hooks/sessionEnd. This allows the indexing logic to run automatically after every session, creating a permanent footprint in the agent's execution environment. Evidence: tool/install-hook, tool/hooks/sessionEnd.
- Indirect Prompt Injection (LOW): The skill processes untrusted historical data that may contain malicious instructions designed to influence future agent behavior.
  1. Ingestion points: summarizer.ts (history), search-agent.md (user-provided topics).
  2. Boundary markers: Missing around interpolated variables.
  3. Capability inventory: tool execution (search-conversations), file access.
  4. Sanitization: Absent.
  Evidence: tool/src/summarizer.ts, tool/prompts/search-agent.md.