skill-usage-stats

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/skill_usage_report.py executes the ripgrep (rg) command-line tool via subprocess.run to efficiently search through large log files. While this is a standard performance optimization and the implementation uses a safe argument list (avoiding shell injection), it involves invoking an external system process.
  • [DATA_EXFILTRATION]: The skill is designed to read and aggregate data from sensitive local directories, specifically ~/.claude/projects and ~/.codex/sessions. These directories contain the agent's full interaction history, which may include proprietary code, personal identifiers, or sensitive queries. While the skill only processes this data locally to generate reports, it constitutes access to highly sensitive user information.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection because it processes untrusted session logs and incorporates extracted metadata into its reports.
  • Ingestion points: Reads interaction logs from ~/.claude/projects and ~/.codex/sessions (specifically .jsonl files).
  • Boundary markers: None identified; the script relies on JSON parsing and regular expressions to extract skill names.
  • Capability inventory: File system access (reading logs, writing reports), and subprocess execution (subprocess.run for rg).
  • Sanitization: The script uses json.loads and regex for extraction, and formats output into Markdown, CSV, and JSON structures. It does not execute the content of the logs, but malicious content in the logs could influence an agent reading the generated report.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 11:20 AM
Security Audit — agent-trust-hub — skill-usage-stats