claude-usage-analyst

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing the ccusage utility from the NPM registry (npm install -g ccusage@latest). This is a legitimate tool and a well-known package registry, directly supporting the skill's primary function of usage analysis.
  • [COMMAND_EXECUTION]: The skill executes the ccusage command through a Python wrapper script (scripts/analyze_claude_usage.py). The script uses subprocess.run with a list of arguments, which is a secure implementation that prevents shell injection attacks.
  • [PROMPT_INJECTION]: The skill processes data from the output of the ccusage command. While this represents a potential surface for indirect prompt injection if the usage data contained malicious instructions, the skill implements specific formatting and explanation rules that minimize this risk. This is considered a typical data-processing risk for AI agents.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 13, 2026, 05:03 AM