claude-tracker-suite
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies extensively on shell command execution and script invocation to manage session lifecycles and automate terminal applications.
- Evidence: JS and Bash scripts in the
scripts/directory usechild_process.execSync,spawnSync, andosascriptto interact with system tools and thecmuxCLI. - [DATA_EXFILTRATION]: The skill accesses sensitive conversation transcripts and project history stored in the
~/.claude/directory. While this is the intended purpose of the skill, it involves reading potentially private code and metadata. - Evidence:
scripts/search-sessions.jsandscripts/list-sessions.jsparse JSONL files in the project session directories to extract message content and summaries. - [PROMPT_INJECTION]: The skill displays content from historical session transcripts (JSONL files), which represents an indirect prompt injection attack surface if those transcripts contain malicious instructions.
- Ingestion points:
~/.claude/projects/*/*.jsonl(session history transcripts read by search and list tools). - Boundary markers: Absent; transcript content is displayed directly in the terminal output.
- Capability inventory: The skill has permissions to execute arbitrary shell commands via the platform's
Bashtool and its own scripts. - Sanitization:
search-sessions.jsincludes aNOISE_PATTERNSfilter to ignore standard system context files likeCLAUDE.mdandMEMORY.mdduring searches.
Audit Metadata