cclens-trace-analyzer

Warn

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to perform a global installation of the claude-code-lens package from the NPM registry using npm install -g claude-code-lens if the tool is not found.
  • [COMMAND_EXECUTION]: The skill relies on executing multiple shell commands via the cclens CLI tool, including cclens trace list, show, and export, to interact with system trace data.
  • [DATA_EXFILTRATION]: The skill accesses sensitive information by reading Claude Code session traces. These files, typically stored in ~/.claude-code-lens/, contain internal model reasoning, tool execution logs, and full conversation histories from previous AI interactions.
  • [INDIRECT_PROMPT_INJECTION]:
  • Ingestion points: The agent reads exported Markdown trace files which contain the complete record of previous Claude Code sessions.
  • Boundary markers: The instructions lack explicit boundary markers or directives to ignore instructions that might be embedded within the trace data being analyzed.
  • Capability inventory: The skill uses shell command execution (cclens trace) and file reading tools.
  • Sanitization: There is no evidence of sanitization or validation of the trace content before it is read by the agent for analysis, creating a surface for instructions from previous sessions to influence current agent behavior.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 19, 2026, 01:27 PM
Security Audit — agent-trust-hub — cclens-trace-analyzer