milestone
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to execute a bundled shell script (references/milestone-new-session.sh) for session management. This script usespython3to parse metadata from local milestone files andosascripton macOS to automate the creation of new terminal windows (iTerm2 or Terminal.app) for fresh agent sessions.\n- [EXTERNAL_DOWNLOADS]: The skill documentation (README.md) mentions installation vianpx, which is a standard package runner for Node.js-based tools and does not represent a security risk in this context.\n- [DATA_EXFILTRATION]: No suspicious network activity or unauthorized data transfer patterns were detected. The skill reads and writes project data to the local.milestones/directory and a project-specific cache located in~/.claude/projects/, which is necessary for its stated function of maintaining cross-session context.
Audit Metadata