build-timeline
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive conversation logs stored in
~/.claude/projects/. These files contain a history of user interactions with the AI, which can include code, architecture details, and potentially sensitive tokens or keys if they were part of the conversation. This access is required for the skill's primary function of visualizing build history.\n- [PROMPT_INJECTION]: The skill processes untrusted data from conversation logs and git history, creating a surface for indirect prompt injection.\n - Ingestion points: Conversation logs in
~/.claude/projects/*.jsonlandgit logoutput (referenced in SKILL.md).\n - Boundary markers: The skill does not define boundary markers or provide instructions to ignore embedded commands within the processed log data.\n
- Capability inventory: The skill uses
git,ls,jq, andpythonto process data and writes the final HTML report to the local filesystem (SKILL.md).\n - Sanitization: There are no instructions to sanitize or escape the content extracted from logs before it is interpolated into the HTML output template.\n- [COMMAND_EXECUTION]: The skill executes multiple shell commands to extract repository information and parse logs, including
git,ls, andjq. It also recommends using Python for parsing data. These commands are used to implement the skill's core logic but run with the agent's system permissions.
Audit Metadata