Skills
skills/team-attention/hoyeon/skill-session-analyzer/Gen Agent Trust Hub

skill-session-analyzer

Fail

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill explicitly targets and reads highly sensitive files in ~/.claude/, including projects/*.jsonl and debug/*.txt. These files contain a comprehensive history of user interactions, tool outputs, and potential credentials or proprietary code exposed during previous AI agent sessions.
  • [COMMAND_EXECUTION]: The skill executes multiple local shell scripts (find-session-files.sh, extract-subagent-calls.sh, extract-hook-events.sh) to perform file system searches and log parsing. These scripts use tools like find and grep on system paths containing user data.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It ingests untrusted content from session logs and external SKILL.md files to verify behavior, which could be used to manipulate the analyzer's logic.
  • Ingestion points: Target SKILL.md files and session logs located at ~/.claude/debug/{sessionId}.txt and ~/.claude/projects/*.jsonl.
  • Boundary markers: Absent. The scripts perform raw regex matches on log lines without isolation or delimiters.
  • Capability inventory: The skill possesses Read, Bash, Write, and Task capabilities, allowing it to execute further commands or modify files based on its analysis.
  • Sanitization: None detected. The parsing logic directly extracts and processes strings from untrusted logs.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 8, 2026, 11:01 AM