Security risk report for @forgecat/anthropics_claude-plugins-official_session-report v0.0.4
Source Integrity
Low
Profile is sourced from Anthropic's official claude-plugins-official repository (https://github.com/anthropics/claude-plugins-official), a trusted first-party source.
Licensed under Apache-2.0 and clearly attributed to Anthropic with commit hash (7e401ed) for auditability.
Agent Intent
Low
Skill instructions are purely procedural: run a bundled analyzer, read JSON, copy a template, edit HTML with data, and report the file path — no manipulation of the agent's instructions, system prompt, or hidden directives.
No attempt to exfiltrate credentials, read sensitive files outside the user's own session data, or hide/deny the skill's own instructions.
No guidance poisoning: the skill does not plant malicious knowledge, recommend typosquatted packages, or weaken security defaults.
Details
Evidence
Steps 1–5 are transparent data-processing operations: 'Run the bundled analyzer', 'Read /tmp/session-report.json', 'Copy the template', 'Edit the output file', 'Report the saved file path'.
No instructions to fetch external URLs, install remote payloads, or reveal system prompts.
Permissions
PRM-000Medium
The skill implicitly requires shell execution (running `node` scripts, `cp`, `date`) and file-write access to the working directory, which are medium-to-high risk capabilities for a reporting tool.
Reading `~/.claude/projects` transcripts grants access to potentially sensitive conversation history across all Claude Code sessions, which is broader than a typical analytics scope.
No declared tool categories are listed, so the actual permission surface depends on the host agent's ambient capabilities — the skill relies on implicit shell and filesystem access without explicit scoping.