my-insights
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMNO_CODECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The core functionality of the skill is contained in 'scripts/insights/run_insights.py', which is missing from the provided skill files. The absence of this script makes it impossible to verify the safety of the data processing logic or check for malicious behaviors.
- [COMMAND_EXECUTION]: The skill executes a bash command that passes user-provided '$ARGUMENTS' directly to a Python process. This pattern is susceptible to command injection if the calling environment does not perform strict sanitization of the input.
- [DATA_EXFILTRATION]: The skill extracts session transcripts from '~/.claude', which often contain sensitive information, private code, and potentially hardcoded credentials. These transcripts are sent to an external service (Gemini) for analysis, representing a significant data exposure and exfiltration risk.
- [PROMPT_INJECTION]: The skill processes untrusted data from historical session logs, creating a surface for indirect prompt injection.
- Ingestion points: Session JSONL files located in '~/.claude/'.
- Boundary markers: None identified in the skill's instructions.
- Capability inventory: Subprocess execution via 'python scripts/insights/run_insights.py'.
- Sanitization: Cannot be verified because the processing script is not included.
Audit Metadata