open
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local scripts and shell commands to manage session state.
- It triggers local scripts including ~/.claude/scripts/open-context.sh, ~/.claude/scripts/check-symlinks.sh, and claude-doctor.sh for setup and diagnostics.
- It uses standard utilities like sed for dynamic path encoding and mv for file management.
- It recommends installing a local tool named bon using uv from a repository path.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from project-specific context files.
- Ingestion points: Reads local handoff markdown files and tracker context files (bon.txt) from the ~/.claude/ directory.
- Boundary markers: No delimiters or protective instructions are used to separate ingested content from agent instructions.
- Capability inventory: The agent has the ability to execute shell scripts and perform file system operations.
- Sanitization: The skill does not perform any escaping or validation on the content retrieved from session files before processing it.
Audit Metadata