session-report

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs generating a single HTML file that embeds full transcript content, tool results, CLAUDE.md/AGENTS.md/memory and every event verbatim into the report—items that can contain API keys, tokens, or passwords—so the LLM would need to include secret values verbatim in its output (even if HTML-escaped).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). Outsider free text from the session transcript (e.g., other users’ prompts/messages, tool outputs, and attachments) is read from disk at runtime via resolveClaudeSession/parseClaudeSession or resolveCodexSession/parseCodexSession, then embedded into the generated HTML/JS context (e.g., renderHistory uses esc(e.body) and renderReport sets window.__CTX__), creating an indirect prompt-injection risk if that HTML/JS is later used as LLM context.