chat-history-summarizer
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of an external third-party package
claude-conversation-extractorvia pip. This tool is not from a well-known or trusted organization and serves as the primary mechanism for log access. - [COMMAND_EXECUTION]: The workflow relies on executing shell commands, specifically the
claude-extractCLI tool for listing, searching, and exporting session data, as well asgrepfor parsing the resulting markdown files. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted data from historical chat logs. If a session log contains adversarial instructions, the agent might follow them during the summarization process.
- Ingestion points: Reads exported conversation logs (e.g.,
exported-log.md) and command-line output fromclaude-extract. - Boundary markers: The skill uses markdown headers like
## 👤 Userto identify boundaries but does not include explicit instructions to disregard embedded commands. - Capability inventory: Includes shell command execution (
bash), file reading, and file writing. - Sanitization: None detected; instructions emphasize quoting user input "exactly," which preserves any injection payloads present in the logs.
Audit Metadata