close
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various local shell scripts (e.g., ~/.claude/scripts/close-context.sh, check-home.sh, stage-extraction.sh) and system commands like git and bon to manage session state and persistence. These operations are restricted to the user's local filesystem and are consistent with the declared purpose.
- [PROMPT_INJECTION]: The skill includes strong instructional markers to guide the agent through the closure process. It also ingests user input during the Orient and Decide phases to populate handoffs. Ingestion points: User input in SKILL.md phases. Boundary markers: Absent. Capability inventory: Local script execution, file writing, and git operations. Sanitization: Absent. This surface is expected for an interactive session-management skill and does not pose an elevated risk in this local context.
- [DATA_EXPOSURE]: The skill accesses session metadata, git history, and local file paths to generate handoff documentation. It writes this information to local directories (~/.claude/handoffs/) and temporary files (/tmp/garde-extraction.json) with no evidence of external transmission.
Audit Metadata