Skills
skills/terrylica/cc-skills/session-recovery/Gen Agent Trust Hub

session-recovery

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute various diagnostic and repair scripts across SKILL.md and TROUBLESHOOTING.md.- [COMMAND_EXECUTION]: Use of the --dangerously-skip-permissions flag with the claude command in TROUBLESHOOTING.md. This flag intentionally bypasses internal tool-use confirmation prompts and safety filters within the Claude CLI environment.- [PROMPT_INJECTION]: Indirect Prompt Injection Surface (Category 8):
  • Ingestion points: In TROUBLESHOOTING.md, the skill reads raw session history content from .jsonl files located in ~/.claude/projects/ using head and grep.
  • Boundary markers: No delimiters or boundary instructions are provided to the agent to distinguish between its own instructions and the content of the session files.
  • Capability inventory: The skill has permission to use the Bash tool, granting the agent the ability to execute arbitrary system commands.
  • Sanitization: Content from the session files is processed directly without any validation, escaping, or sanitization.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 03:32 PM