skills/affaan-m/ecc/cost-tracking/Gen Agent Trust Hub

cost-tracking

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the sqlite3 command-line utility to query a local database file at ~/.claude-cost-tracker/usage.db. This is used to generate reports on project, tool, and session costs and is restricted to the skill's stated purpose.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface through its ingestion of external data.
      1. Ingestion points: Usage records are read from the local SQLite database at ~/.claude-cost-tracker/usage.db.
      2. Boundary markers: The instructions do not define specific delimiters or instructions to prevent the agent from obeying prompts that might be stored within the database fields (e.g., project names or tool outputs).
      3. Capability inventory: The skill utilizes shell command execution (sqlite3) and file system access.
      4. Sanitization: There is no logic provided to sanitize or validate the content of the database records before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 19, 2026, 06:51 AM