Skills
skills/jamie-bitflight/claude_skills/transcript-analysis/Gen Agent Trust Hub

transcript-analysis

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill explicitly targets the ~/.claude/projects/ directory, which serves as the storage for Claude Code session transcripts. These files contain highly sensitive data, including full conversation histories, source code snippets, terminal logs, and internal agent reasoning.
  • Evidence: The skill instructions specify the location of transcripts under ~/.claude/projects/ and provide a schema for parsing all record types in the JSONL files (SKILL.md).
  • [DATA_EXFILTRATION]: The skill facilitates the use of the kaizen-duckdb MCP tool, which is identified as a MotherDuck integration. Because MotherDuck is a cloud-native database service, performing arbitrary SQL queries on sensitive local transcripts through this tool creates a pathway for data exfiltration to a remote platform.
  • Evidence: references/duckdb-queries.md explicitly references the MotherDuck MCP server and the execute_query tool for analyzing local transcripts.
  • [COMMAND_EXECUTION]: The agent is instructed to execute arbitrary DuckDB SQL queries via the execute_query tool. This capability allows for complex data extraction and manipulation of the sensitive JSONL files located on the user's filesystem.
  • [PROMPT_INJECTION]: The skill exhibits a significant attack surface for indirect prompt injection as it processes untrusted data from session transcripts without sufficient safety controls.
  • Ingestion points: Transcript JSONL files containing user-generated prompts and tool outputs (SKILL.md).
  • Boundary markers: Absent; the instructions do not suggest using delimiters or explicit markers to prevent the agent from obeying instructions embedded within the transcript data.
  • Capability inventory: The skill utilizes high-capability tools including kaizen-duckdb execute_query (arbitrary SQL) and specialized kaizen-analysis process mining tools.
  • Sanitization: Absent; there are no guidelines for validating or sanitizing the content extracted from transcripts before it is used to drive agent decisions or analysis output.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 29, 2026, 08:41 AM