summon

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes local command-line tools using subprocess.run. It uses fzf for interactive session selection and the official claude CLI for generating session handover summaries. These operations are conducted without shell=True and target specific binaries on the user's path, matching the skill's documented functionality.
  • [DATA_EXFILTRATION]: The skill accesses Claude Desktop session metadata and transcript files located in standard local application data directories. While it processes conversation history, the data remains local or is passed to the official Claude CLI tool (a well-known service from a trusted provider) for distillation, which is consistent with the primary use case.
  • [PROMPT_INJECTION]: The skill contains internal prompts used to instruct the LLM on how to summarize conversation history. These prompts are functional and do not attempt to override agent safety protocols or bypass constraints.
  • [EXTERNAL_DOWNLOADS]: No network operations or external resource downloads from untrusted sources were identified. All operations are local or utilize established vendor tooling.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses an ingestion surface for untrusted data by reading past session transcripts. However, it implements boundary markers (e.g., --- CONVERSATION EXTRACTION ---) and uses a specific, tool-less invocation of the Claude CLI to minimize risks associated with processing potentially malicious content within transcripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 07:00 PM
Security Audit — agent-trust-hub — summon