session
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill manages session aliases stored in ~/.claude/session-aliases.json. Accessing files in the user's home directory outside the project workspace is a sensitive operation that could lead to data exposure if the agent's context is compromised.
- [COMMAND_EXECUTION]: The behavioral instructions in context-dev.md and context-review.md explicitly direct the agent to use the Bash tool for running tests, build processes, and linting commands. This grants the agent autonomous execution capabilities over project-level scripts.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the data it processes.
- Ingestion points: The agent reads session metadata from ~/.claude/session-aliases.json and project progress from memory-bank/progress.md.
- Boundary markers: There are no explicit delimiters or instructions to the agent to ignore potentially malicious content embedded within these data sources.
- Capability inventory: The agent has the authority to execute Bash commands and perform file modifications via the Edit tool.
- Sanitization: The skill lacks mechanisms to sanitize or validate the content of the files it reads before they influence the agent's actions.
Audit Metadata