analytics
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run
jqqueries andwccommands for data processing. These operations are restricted to local analytics files in the user's home directory. - [DATA_EXPOSURE]: Accesses local usage logs, session replays, and token statistics (
~/.claude/analytics/,~/.claude/projects/). This exposure is consistent with the skill's primary purpose. The skill implements a critical safety rule (data-privacy.md) that requires hashing project identifiers and stripping personally identifiable information (PII) before presentation. - [PROMPT_INJECTION]: Analyzed for indirect prompt injection risks associated with parsing CC session logs. While logs may contain user-generated content, the skill instructions focus on extracting structural data (timestamps, tool calls, token counts) and presenting them in markdown tables, which significantly mitigates the risk of the agent misinterpreting logged content as new instructions.
Audit Metadata