start-session

Fail

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is instructed to identify and immediately execute 'sync or pull' shell commands documented in the CLAUDE.md file. This constitutes dynamic command execution based on external, potentially untrusted file content.
  • Evidence: Step 1 in SKILL.md explicitly states: "If CLAUDE.md documents a sync or pull command (rsync, git pull, etc.), run it now."
  • [PROMPT_INJECTION]: The skill processes project-specific files and task inboxes to guide agent behavior, creating an indirect prompt injection surface.
  • Ingestion points: The agent reads CLAUDE.md (Steps 0, 2, 6), _agent-inbox/*.md (Step 5b), and follows paths for related repositories found in the project configuration.
  • Boundary markers: Absent. There are no instructions to the agent to treat content from these external files as untrusted or to ignore embedded instructions.
  • Capability inventory: The skill possesses the ability to execute arbitrary shell commands (Step 1), perform network operations via git pull (Step 5b), and navigate the file system using cd (Step 5b).
  • Sanitization: Absent. Content from CLAUDE.md and the _agent-inbox/ is parsed and used to influence the session orientation and execution plan without validation or escaping.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 4, 2026, 05:20 AM