find-session
Fail
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill modifies the user's shell configuration by appending a persistent function to the ~/.zshrc file. It also executes filesystem search commands including ls and grep to identify session files.
- [DATA_EXFILTRATION]: The skill reads session log files stored in ~/.claude/projects/, which contain full conversation transcripts and historical interaction data. This exposes potentially sensitive information to the agent's context during the search process.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by processing content from previous conversation logs. * Ingestion points: ~/.claude/projects/*.jsonl files (referenced in SKILL.md Step 4). * Boundary markers: Absent; the agent searches raw content without delimiters. * Capability inventory: Filesystem read/write and command execution. * Sanitization: Absent; content from logs is processed without validation.
Recommendations
- AI detected serious security threats
Audit Metadata