Skills
skills/tdimino/claude-code-minoan/claude-tracker-suite/Gen Agent Trust Hub

claude-tracker-suite

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Node.js child_process and shell scripts to run local CLI tools like git and claude. It also uses osascript for macOS-specific terminal automation to open and resume sessions in Ghostty, VS Code, and Cursor.
  • [INDIRECT_PROMPT_INJECTION]: The search-sessions.js tool reads local session transcript files (.jsonl). While these files contain untrusted conversation history, the script implements formatting and filtering to prevent these entries from being misinterpreted as instructions by the agent.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: Local automation scripts utilize the system clipboard (pbcopy) to ensure commands are correctly passed to terminal applications, which is a standard technique for handling complex shell strings in automation workflows.
  • [PERSISTENCE_MECHANISMS]: The documentation provides instructions for setting up a background daemon via macOS launchd for automatic session summarization. This is a user-initiated configuration for enhanced local functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 11:46 PM