cc-history
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [Data Exposure] (MEDIUM): The skill provides instructions to access ~/.claude/projects/, which contains sensitive conversation history logs. These logs can contain user data, project secrets, and previous interactions. While central to the skill's purpose, this access level is classified as sensitive data exposure.\n- [Indirect Prompt Injection] (LOW): The skill documentation encourages reading untrusted data from history logs using shell tools. This creates an indirect prompt injection surface where malicious instructions stored in previous conversations could influence the agent's behavior during analysis.\n
- Ingestion points: ~/.claude/projects/*.jsonl files.\n
- Boundary markers: None identified in provided query patterns.\n
- Capability inventory: Use of bash, jq, grep, and sed to process log content.\n
- Sanitization: No sanitization or escaping of log content is suggested before the agent processes the query results.\n- [No Code] (SAFE): The skill does not include any executable scripts or packages, reducing the risk of direct malicious code execution.
Audit Metadata