recovery
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behavior or security violations were detected; the skill's operations are limited to the agent's internal configuration and history directories (.claude/context/).
- [COMMAND_EXECUTION]: The skill uses the Bash tool for benign administrative tasks, including directory exploration (ls), file reading (cat), and repository state restoration (git reset), which are necessary for the workflow recovery process.
- [PROMPT_INJECTION]: There is an attack surface for indirect prompt injection because the skill reads reasoning and artifact files to reconstruct state. However, this functionality is a core requirement for its purpose and occurs within the trusted history context of the agent.
Audit Metadata