session-report
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- Local Transcript Analysis: The skill executes a Node.js script (
analyze-sessions.mjs) to read usage data from~/.claude/projects. This directory contains sensitive session history, including prompts and code. The analysis is used solely to populate a local HTML report. - Local File Operations: The skill writes a temporary JSON file to
/tmp/session-report.jsonand generates the final HTML report in the current working directory. These operations are restricted to the local file system. - Command Execution: The skill uses
nodeto run the bundled analysis script andcpto prepare the HTML template. This is consistent with the skill's documented purpose of generating a report. - Data Handling: The HTML template includes a basic escaping function (
esc) to sanitize text snippets from the transcripts before they are rendered in the browser, which helps mitigate potential cross-site scripting (XSS) considerations when viewing the report.
Audit Metadata