session-chronicle

Warn

Audited by Snyk on Feb 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's workflows and scripts explicitly read and parse user-generated Claude Code session files from the local ~/.claude/projects/<encoded_path> directory, and also download and decompress artifacts from S3 (s3://eonlabs-findings/...). The parsed session and S3 contents are used to build session_contexts, trace UUID chains, and drive outputs and uploads, so untrusted session or artifact content could indirectly influence decisions or subsequent tool actions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 03:57 AM