session-memory
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard shell commands like 'tail' and 'jq' to extract metadata and file paths from the local agent execution trace for session restoration.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection. Ingestion points: Reads data from files within '.claude/memory/' and '.claude/state/agent-trace.jsonl'. Boundary markers: Absent; the skill does not use specific delimiters or instructions to ignore embedded commands when retrieving history. Capability inventory: The agent has permissions to read, write, and append to files and can execute shell commands. Sanitization: No sanitization or validation of the content retrieved from historical logs is implemented.
Audit Metadata