analytics

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run jq queries and wc commands for data processing. These operations are restricted to local analytics files in the user's home directory.
  • [DATA_EXPOSURE]: Accesses local usage logs, session replays, and token statistics (~/.claude/analytics/, ~/.claude/projects/). This exposure is consistent with the skill's primary purpose. The skill implements a critical safety rule (data-privacy.md) that requires hashing project identifiers and stripping personally identifiable information (PII) before presentation.
  • [PROMPT_INJECTION]: Analyzed for indirect prompt injection risks associated with parsing CC session logs. While logs may contain user-generated content, the skill instructions focus on extracting structural data (timestamps, tool calls, token counts) and presenting them in markdown tables, which significantly mitigates the risk of the agent misinterpreting logged content as new instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 05:09 PM
Security Audit — agent-trust-hub — analytics