session-control

This skill itself is narrowly scoped and plausible for its stated internal purpose: run a local script to manage session resume/fork behavior and update session state files. The principal security concern is executing a local shell script with workflow-controlled flags: without the script contents, there is a moderate command-injection and file-corruption risk. No direct evidence of network exfiltration or hard-coded credentials exists in this YAML fragment, but the lack of the script source prevents ruling out malicious behavior. Before approving broader use: review scripts/session-control.sh, ensure safe argument passing (no shell interpolation), add integrity checks, and restrict where the skill can be loaded.