track

Fail

Audited by Snyk on Mar 2, 2026

Risk Level: CRITICAL

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The tracker is instructed to read and print slices of other sessions' JSONL messages and repo files (including tool inputs and commands). These can contain API keys, tokens, or passwords, so following the instructions requires outputting secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill is intentionally designed to locate and tail another Claude Code instance's private JSONL conversation log and to read repository files in real time — a targeted, privacy-invasive monitoring tool that enables easy access to sensitive conversation contents and file-level secrets (high-risk surveillance/backdoor behavior), even though it does not itself include explicit network exfiltration or remote-control code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly discovers and tails another Claude Code instance's conversation log at ~/.claude/projects//.jsonl (TARGET_JSONL) and parses assistant/user message text as part of its monitoring workflow, so untrusted user-generated content in that JSONL can influence decisions and actions.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 2, 2026, 03:59 AM