cc-insights

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/generate_insights.py uses subprocess.run to launch analyze_patterns.py for data aggregation. The execution is handled through a structured list of arguments and targets a local script, presenting no shell injection risk.
  • [PROMPT_INJECTION]: The skill processes user-generated content from past chat logs which may contain embedded instructions.
      • Ingestion points: Reads ~/.claude/history.jsonl and project session files in ~/.claude/projects/.
      • Boundary markers: No explicit delimiters are used to wrap ingested chat content before analysis.
      • Capability inventory: The skill uses subprocess.run for orchestration and launches sub-agents with exploration capabilities, though network access is explicitly forbidden by instructions.
      • Sanitization: Content is processed as text/JSON without specific sanitization for prompt injection patterns.
  • [SAFE]: The skill accesses Claude Code's internal history and project logs. This access is explicitly defined in the skill's purpose and necessary for generating the requested insights. No exfiltration of this data to external services was detected.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 14, 2026, 03:08 PM