session-search
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Remote Code Execution] (CRITICAL): The skill contains commands to download and execute scripts directly from the internet (`curl | sh`) for installing the `uv` and `rust` toolchains. Specifically, it includes `curl -LsSf https://astral.sh/uv/install.sh | sh` and `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh`. This pattern is highly dangerous as it bypasses script verification and executes unvetted remote code with current user privileges.
- [External Downloads] (HIGH): The skill recommends installing `claude-code-tools` and `aichat-search` from external repositories without providing integrity hashes or version pinning, increasing susceptibility to supply chain attacks.
- [Data Exposure] (MEDIUM): The skill's core functionality involves reading sensitive session logs from `~/.claude/projects/`. These files contain historical transcripts of AI agent interactions, which frequently include proprietary code, personal information, or environment secrets.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted historical session data, creating a surface for indirect prompt injection attacks where an attacker could influence future agent actions by poisoning previous logs.
  - Ingestion points: Reads `.jsonl` session files from `~/.claude/projects/`.
  - Boundary markers: None; the agent is directed to read and summarize the content directly into its context without isolation.
  - Capability inventory: Execution of `aichat` CLI tools and local file system reads.
  - Sanitization: None; there is no escaping or filtering of the historical session content before it is processed.
Recommendations
- HIGH: Downloads and executes remote code from: https://sh.rustup.rs, https://astral.sh/uv/install.sh - DO NOT USE without thorough review
- AI detected serious security threats