recall-reasoning
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/find_transcript.py` executes `git` commands (e.g., `git blame`, `git show`, `git rev-parse`) using the `subprocess.run` method. The script uses argument lists and avoids `shell=True`, which is a safe practice that prevents shell injection attacks.
- [DATA_EXPOSURE]: The skill accesses the `~/.claude/projects/` directory to read `.jsonl` transcript files. This behavior is necessary for its stated purpose of recovering reasoning from previous sessions. The data is processed locally to extract reasoning excerpts and is not exfiltrated to any external domains.
- [PROMPT_INJECTION]: The skill processes untrusted historical data (past transcripts) which could theoretically contain instructions intended to influence the agent (Indirect Prompt Injection). The skill mitigates this risk through instructions in `SKILL.md` that direct the agent to treat transcripts as evidence rather than ground truth and through logic in the script that filters out non-reasoning noise.
Audit Metadata