summon
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local command-line tools using
subprocess.run. It usesfzffor interactive session selection and the officialclaudeCLI for generating session handover summaries. These operations are conducted withoutshell=Trueand target specific binaries on the user's path, matching the skill's documented functionality. - [DATA_EXFILTRATION]: The skill accesses Claude Desktop session metadata and transcript files located in standard local application data directories. While it processes conversation history, the data remains local or is passed to the official Claude CLI tool (a well-known service from a trusted provider) for distillation, which is consistent with the primary use case.
- [PROMPT_INJECTION]: The skill contains internal prompts used to instruct the LLM on how to summarize conversation history. These prompts are functional and do not attempt to override agent safety protocols or bypass constraints.
- [EXTERNAL_DOWNLOADS]: No network operations or external resource downloads from untrusted sources were identified. All operations are local or utilize established vendor tooling.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an ingestion surface for untrusted data by reading past session transcripts. However, it implements boundary markers (e.g.,
--- CONVERSATION EXTRACTION ---) and uses a specific, tool-less invocation of the Claude CLI to minimize risks associated with processing potentially malicious content within transcripts.
Audit Metadata