session-handoff
Fail
Audited by Snyk on Jun 30, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to read the environment variable CLAUDE_CODE_SESSION_ID and embed the full UUID verbatim into files, engram entries, and the printed resume command, requiring the LLM to handle and output a sensitive session token.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This skill deliberately records full conversation summaries and the full CLAUDE_CODE_SESSION_ID to disk (git-tracked docs/handoffs/) and to an external memory service (mem_save / mem_session_summary) without user interaction or consent, which constitutes intentional data exfiltration and exposes session identifiers that could enable session hijack or resume.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
Audit Metadata