token-usage

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's entry point in SKILL.md interpolates $ARGUMENTS directly into a shell command (python3 ~/.claude/skills/token-usage/show-usage.py $ARGUMENTS). Without strict platform-level sanitization, this provides a potential vector for command injection if malicious strings are passed as arguments to the tool.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing and displaying content from conversation transcripts.
    • Ingestion points: The script show-usage.py reads all .jsonl transcript files within the ~/.claude/projects/ directory.
    • Boundary markers: There are no explicit boundary markers or instructions to the agent to ignore instructions embedded within the processed transcript data.
    • Capability inventory: The skill has the capability to read and write files within the user's home directory (~/.claude) and execute shell commands via SKILL.md.
    • Sanitization: The script performs minimal sanitization (removing HTML tags via regex) when extracting the session_name, but otherwise parses and displays data from external files directly into the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 02:28 AM
Security Audit — agent-trust-hub — token-usage