continue-claude-here
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a provided Python helper script (
scripts/claude_session_tool.py) and theclaudeCLI to search logs, export transcripts, and resume sessions.\n- [PROMPT_INJECTION]: The skill processes untrusted data from past conversation transcripts stored in~/.claude/*.jsonl, creating a surface for Indirect Prompt Injection.\n - Ingestion points: Local session logs are read and summarized by the Python helper script.\n
- Boundary markers: Absent; transcript content is extracted and presented to the agent without explicit delimiters or instructions to ignore embedded commands.\n
- Capability inventory: The skill can execute shell commands, create directories, and run the
claudeCLI.\n - Sanitization: No content validation or sanitization of the transcript text is performed before it is imported into the current context.\n- [DATA_EXFILTRATION]: The skill accesses sensitive local chat history in
~/.claude. Although this is the primary feature of the skill, it exposes potentially private information to the agent context.
Audit Metadata