save-session
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes local shell commands to gather project context.
  - Evidence: Executes `git branch --show-current` and `git status --short` to identify the current branch and local modifications.
- [PROMPT_INJECTION] (MEDIUM): Vulnerability to Indirect Prompt Injection (Category 8) due to the handling of external/saved state.
  - Ingestion points: The Resume Procedure reads content from `checkpoint-*.md` files in the memory directory and plan files from `~/.claude/plans/`.
  - Boundary markers: Absent; instructions contained within these files are directly adopted as the 'Next Action' and 'Failed Approaches' for the agent.
  - Capability inventory: The skill possesses file write/delete capabilities and can execute Git commands.
  - Sanitization: No validation or sanitization of the content within the ingested files is performed before processing.
Audit Metadata