analyze-sessions

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses highly sensitive session logs located in ~/.claude/projects/*/. These files contain complete transcripts of past AI interactions, which often include proprietary code snippets, environment details, and internal file paths.
  • [COMMAND_EXECUTION]: The skill executes multiple local Python scripts included in its package (references/extract-session.py and references/condense.py) to process the sensitive session data.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Because it extracts and analyzes arbitrary text from previous session logs (which can include content from files read or tool outputs controlled by an attacker in a previous session), malicious instructions embedded in those logs could influence or hijack the subagents (Sonnet/Opus) performing the analysis. This risk is particularly high as the pipeline lacks sanitization or boundary markers between the data and the analysis prompt.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 09:45 PM