skill-idea-miner
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive user session logs stored in ~/.claude/projects/. These logs contain a detailed history of user interactions with Claude Code, which may include proprietary code snippets, internal architecture details, and other sensitive information.
- [COMMAND_EXECUTION]: The Python scripts scripts/mine_session_logs.py and scripts/score_ideas.py execute the claude CLI tool via subprocess.run(). This allows the skill to invoke an external binary and process its output within the local environment.
- [PROMPT_INJECTION]: The workflow is vulnerable to indirect prompt injection because it incorporates untrusted data from session logs (user messages and tool results) into the prompts used to query the claude CLI.
  - Ingestion points: Log files (*.jsonl) in the ~/.claude/projects/ directory.
  - Boundary markers: The prompt construction in scripts/mine_session_logs.py uses some structural headers but lacks strong delimiters or explicit instructions to ignore potential commands embedded within the session log content.
  - Capability inventory: Both mine_session_logs.py and score_ideas.py execute the claude CLI with sub-processes.
  - Sanitization: There is no evidence of sanitization or character escaping applied to the content extracted from session logs before it is interpolated into the prompts.
Audit Metadata