session-reconstruct
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- DATA_EXPOSURE (HIGH): The skill explicitly targets sensitive file paths, specifically raw JSONL logs located in ~/.claude/projects/. These files contain the full history of agent interactions, which often include source code, environment details, and potentially sensitive credentials or PII.
- INDIRECT_PROMPT_INJECTION (HIGH): This skill is a 'Log Analysis' tool that processes external, untrusted data (exported sessions and logs).
  - Ingestion points: Reads .md, .txt, and .jsonl files from the filesystem.
  - Boundary markers: There are no instructions for sanitizing or delimiting the untrusted log content.
  - Capability inventory: While primarily an analytical skill, its output influences the agent's 'understanding' of its own past reasoning and decision-making, which can be manipulated by malicious content within the logs.
  - Sanitization: None provided. A malicious log file could contain instructions that subvert the 'Reconstruction Protocol' to trick the agent into adopting unsafe personas or behaviors.
- EXTERNAL_DOWNLOADS (MEDIUM): The installation instructions utilize npx skills add sunnypatneedi/skills. This source is not within the defined Trusted Organizations list, making the execution of this remote package a risk.
Recommendations
- AI detected serious security threats
Audit Metadata