wrap-history
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several shell commands (find, stat, jq, split) and a provided bash script (extract-session.sh) to locate, parse, and handle large session history files stored in the user's home directory.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes historical conversation data, which could contain malicious instructions designed to influence the agent's behavior during the analysis phase.
  - Ingestion points: Historical session logs located at ~/.claude/projects/*.jsonl.
  - Boundary markers: Absent. The skill does not use delimiters or explicit instructions to treat the ingested history as data rather than instructions.
  - Capability inventory: The skill can execute shell commands and spawn subagents (Task), providing a path for injected instructions to trigger actions.
  - Sanitization: Absent. No filtering or sanitization of the extracted message content is performed beyond structural extraction with jq.
Audit Metadata