stenographer
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `stenographer.py` executes system commands using `subprocess.run` to interact with clipboard utilities such as `clip.exe`, `pbcopy`, `xclip`, and `xsel` based on the host operating system.
- [DATA_EXFILTRATION]: The skill accesses the `~/.claude/projects/` directory, which contains sensitive conversation logs. While this is the skill's primary purpose, the ability to export this data to files or the system clipboard facilitates moving sensitive information out of the agent's controlled environment.
- [PROMPT_INJECTION]: The skill processes untrusted content from conversation logs, including user messages and tool outputs. It implements a custom HTML renderer using regular expressions. While basic HTML escaping is performed, rendering untrusted data from session history remains a surface for potential indirect prompt injection if the output is viewed in sensitive contexts.
Audit Metadata