Skills
skills/d0lim/claude-code-spawner-skill/spawn-session/Gen Agent Trust Hub

spawn-session

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes scripts/spawn.sh to launch terminal windows and initialize Claude Code sessions.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by accepting a --prompt argument passed to the new session.
  • Ingestion points: The PROMPT_TEXT variable in scripts/spawn.sh, derived from user input.
  • Boundary markers: None; the prompt is passed as a direct argument to the sub-agent.
  • Capability inventory: The spawned agent has full access to the local filesystem and shell commands.
  • Sanitization: Employs printf '%q' for shell escaping but lacks content-based sanitization for the LLM prompt.
  • [PROMPT_INJECTION]: Includes a --dangerously-skip-permissions flag that allows the agent to bypass confirmation prompts for sensitive operations.
  • [COMMAND_EXECUTION]: Uses osascript to automate iTerm2 via AppleScript on macOS systems.
  • [COMMAND_EXECUTION]: Generates and executes temporary shell scripts in /tmp to orchestrate session startup within new terminal environments.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 06:20 PM