agent-sessions
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local scripts and binaries to query and manage session history, including a Python script at /Users/vladmdgolam/Play/radar/tools/agent-sessions, a Rust TUI at ~/.local/bin/claude-history, and a GUI application at /Applications/Claude Code History Viewer.app.
- [DATA_EXFILTRATION]: The skill accesses sensitive conversation logs and project metadata located in directories such as ~/.claude, ~/.codex, and ~/.gemini. This access is a requirement for the skill's primary function of history management. No external network requests or data exfiltration patterns were detected.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests untrusted data from past session logs which could contain adversarial instructions.
  - Ingestion points: Local JSON and JSONL files within ~/.claude/projects/, ~/.codex/sessions/, and ~/.gemini/tmp/ (SKILL.md).
  - Boundary markers: Not present; the skill treats session content as data to be searched and listed without explicit delimiters.
  - Capability inventory: Ability to execute shell commands and launch applications (SKILL.md).
  - Sanitization: No sanitization or escaping of the ingested session history is specified before it is processed or displayed.
Audit Metadata