analyze-chat-export
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes VS Code chat export files which contain untrusted user input and model responses. This ingestion of external data constitutes a surface for indirect prompt injection. 1. Ingestion points: The extract-metrics.sh script and multiple jq queries read JSON data from user-provided file paths. 2. Boundary markers: The script does not utilize explicit delimiters to isolate content. 3. Capability inventory: The skill performs local filesystem read and write operations using jq and bash. 4. Sanitization: The documentation provides a specific jq query to redact sensitive patterns like passwords and tokens from the logs before processing.
- [COMMAND_EXECUTION]: The skill utilizes bash scripts and the jq utility to perform local data extraction and reporting. These operations are limited to parsing and summarizing metrics from provided files as part of its primary function.
Audit Metadata