skill-usage-stats
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/skill_usage_report.pyexecutes theripgrep(rg) command-line tool viasubprocess.runto efficiently search through large log files. While this is a standard performance optimization and the implementation uses a safe argument list (avoiding shell injection), it involves invoking an external system process. - [DATA_EXFILTRATION]: The skill is designed to read and aggregate data from sensitive local directories, specifically
~/.claude/projectsand~/.codex/sessions. These directories contain the agent's full interaction history, which may include proprietary code, personal identifiers, or sensitive queries. While the skill only processes this data locally to generate reports, it constitutes access to highly sensitive user information. - [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection because it processes untrusted session logs and incorporates extracted metadata into its reports.
- Ingestion points: Reads interaction logs from
~/.claude/projectsand~/.codex/sessions(specifically.jsonlfiles). - Boundary markers: None identified; the script relies on JSON parsing and regular expressions to extract skill names.
- Capability inventory: File system access (reading logs, writing reports), and subprocess execution (
subprocess.runforrg). - Sanitization: The script uses
json.loadsand regex for extraction, and formats output into Markdown, CSV, and JSON structures. It does not execute the content of the logs, but malicious content in the logs could influence an agent reading the generated report.
Audit Metadata