session-insights
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes session transcripts, which are untrusted external data, creating an indirect prompt injection surface. Malicious instructions embedded in session logs could attempt to influence the subagents performing the analysis.
- Ingestion points: Transcripts are fetched via 'mcp__ccrider__get_session_messages' in Step 5.
- Boundary markers: The prompt instructions for subagents do not specify the use of delimiters or 'ignore' instructions for the transcript content.
- Capability inventory: The skill writes to the local file system ('.claude/') and spawns sub-agent instances (Sonnet/Haiku).
- Sanitization: No explicit sanitization or validation of transcript content is performed before processing.
- [COMMAND_EXECUTION]: The skill orchestrates a pipeline involving automated file system operations (writing transcripts and reports to '.claude/session-analysis/') and the spawning of subagent processes to handle parallel analysis tasks.
- [EXTERNAL_DOWNLOADS]: The documentation points to an external GitHub repository (github.com/neilberkman/ccrider) as a requirement for the ccrider MCP tool. This is documented as an informative prerequisite for the user to manually fulfill.
Audit Metadata