Skills
skills/oliver-kriska/claude-elixir-phoenix/session-scan/Gen Agent Trust Hub

session-scan

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs the agent to spawn subagents using the Task tool with "mode="bypassPermissions"". This is a privilege escalation vector that bypasses standard security guardrails for file and command operations.
  • [COMMAND_EXECUTION]: The instructions for the subagent interpolate external session metadata, specifically {SESSION_ID} and {PROJECT_NAME}, directly into a Bash command string. If this metadata is maliciously crafted, it can lead to arbitrary command injection on the host system.
  • [PROMPT_INJECTION]: The skill ingests untrusted session messages from the ccrider MCP and processes them without boundary markers or sanitization. This establishes an indirect prompt injection surface where malicious content in the logs could potentially manipulate the scoring logic or the agent's interpretation.
  • [COMMAND_EXECUTION]: The main context uses Bash wildcards and shell loops to aggregate result files (".claude/session-metrics/result*.json"). This interaction with the local filesystem via shell scripts adds unnecessary complexity and potential risk to the execution environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 10, 2026, 11:41 PM