
Add privileged session termination and recording integrity gates#2607

Closed

shaiananvari8 wants to merge 1 commit into UnitOneAI:main from shaiananvari8:codex-shaian/privileged-access-session-integrity


Conversation

@shaiananvari8


Skill Improvement ($50-150 Bounty)

Addresses #2545

Skill Modified

Skill name: privileged-access
Skill path: skills/identity/privileged-access/

What Was Wrong

The skill covered JIT access, session recording, and PAM monitoring, but it did not require evidence that active privileged sessions actually end when a JIT grant expires or is manually revoked. It also treated session recording mostly as a coverage question, without requiring integrity, custody, gap, and administrator-separation evidence.

What This PR Fixes

  • Bumps privileged-access to v1.0.1.
  • Adds AC-12 and AU-9 to the frontmatter and framework references.
  • Adds PAM-JIT-11 and PAM-JIT-12 for lingering active sessions and cached privileged session artifacts after expiry/revocation.
  • Adds an active session termination evidence table covering expiry, manual revocation, token/cache invalidation, evidence trails, and exceptions.
  • Adds PAM-REC-13 through PAM-REC-16 for recording integrity, custody, interruption gaps, and admin self-suppression.
  • Adds recording integrity and custody checks plus output fields for session expiry and recording evidence.
  • Adds common pitfalls for expired grants with live sessions and recordings without custody proof.

Evidence

Before, a PAM review could pass if JIT entitlements expired and sessions were recorded somewhere:

JIT grant expires -> entitlement removed
Session recording -> present

After, the review must prove active-session and audit-evidence behavior:

JIT grant expires or is revoked -> active shell/console/session terminated or downgraded
Recording exists -> custody path, tamper evidence, gap handling, and admin separation verified

Test Cases Added/Updated

  • Existing skill file still has all required frontmatter fields.
  • Markdown fenced-code blocks remain balanced.
  • Marker checks cover AC-12, AU-9, lingering-session findings, recording-integrity findings, output evidence, pitfalls, and version history.
  • git diff --check passed.
  • Exported patch applies cleanly with git apply --check.

Bounty Tier

  • Moderate ($100) - New edge-case coverage and evidence-gate improvement for PAM session controls and audit integrity.

Bounty Info

  • I have read and agree to the CONTRIBUTING.md bounty terms
  • Preferred payment method: PayPal to shaiananvari8@gmail.com
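The two evidence gates described in the PR body (a JIT grant ending must be followed by the active session ending and its cached token being invalidated; a recording must carry an intact hash chain, a custody trail, justified gaps and no self-suppression by the recorded admin) can be expressed as an automated audit check. The following is an added illustration, not code from the PR or from the SecuritySkills repository: the record layouts, the five-minute grace window, the hash-chain construction and the reuse of the PR's finding identifiers (PAM-JIT-11/12, PAM-REC-13..16) as labels are all assumptions, and the sample records in `demo()` are constructed.

```python
"""Added example: evaluate PAM session-termination and recording-integrity gates
over constructed sample records. Field names, the grace window and the chain
format are assumptions for illustration, not the skill's own format."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple
import hashlib

GRACE = timedelta(minutes=5)  # assumed tolerance between grant end and session end


@dataclass
class JitGrant:
    grant_id: str
    expires_at: datetime
    revoked_at: Optional[datetime] = None

    def end_time(self) -> datetime:
        # The grant ends at manual revocation if that came first, else at expiry.
        return min(t for t in (self.expires_at, self.revoked_at) if t is not None)


@dataclass
class Session:
    session_id: str
    grant_id: str
    ended_at: Optional[datetime]  # None means the session is still active
    token_invalidated: bool       # cached token/ticket revoked at grant end?


def check_session_termination(grant: JitGrant, sessions: List[Session],
                              now: datetime, grace: timedelta = GRACE) -> List[str]:
    """Gate 1: every session tied to an ended grant must have ended within the
    grace window, and its cached credential must have been invalidated."""
    findings: List[str] = []
    if now <= grant.end_time():
        return findings  # grant still live: nothing to enforce yet
    deadline = grant.end_time() + grace
    for s in sessions:
        if s.grant_id != grant.grant_id:
            continue
        effective_end = s.ended_at if s.ended_at is not None else now
        if effective_end > deadline:
            state = "still active" if s.ended_at is None else f"ended {s.ended_at.isoformat()}"
            findings.append(f"PAM-JIT-11: session {s.session_id} {state} after grant "
                            f"{grant.grant_id} ended {grant.end_time().isoformat()}")
        if not s.token_invalidated:
            findings.append(f"PAM-JIT-12: session {s.session_id} cached token not "
                            f"invalidated after grant {grant.grant_id} ended")
    return findings


def seal(segments: List[bytes]) -> List[Tuple[bytes, str]]:
    """Build a hash chain: each digest covers the previous digest plus the segment."""
    prev, chain = "0" * 64, []
    for seg in segments:
        digest = hashlib.sha256((prev + seg.hex()).encode()).hexdigest()
        chain.append((seg, digest))
        prev = digest
    return chain


@dataclass
class Recording:
    session_id: str
    admin: str                                   # privileged user being recorded
    chain: List[Tuple[bytes, str]]               # (segment, chained digest)
    custody: List[str]                           # ordered custodians / hand-offs
    gaps: List[Tuple[int, int, Optional[str]]]   # (start_s, end_s, justification)
    suppressed_by: Optional[str] = None          # who paused/deleted it, if anyone


def check_recording_integrity(rec: Recording) -> List[str]:
    """Gate 2: tamper evidence, custody, gap handling and admin separation."""
    findings: List[str] = []
    prev = "0" * 64
    for i, (seg, digest) in enumerate(rec.chain):
        if digest != hashlib.sha256((prev + seg.hex()).encode()).hexdigest():
            findings.append(f"PAM-REC-13: recording {rec.session_id} hash chain breaks at segment {i}")
            break
        prev = digest
    if not rec.custody:
        findings.append(f"PAM-REC-14: recording {rec.session_id} has no custody trail")
    for start, end, why in rec.gaps:
        if not why:
            findings.append(f"PAM-REC-15: recording {rec.session_id} has an unexplained gap {start}s-{end}s")
    if rec.suppressed_by is not None and rec.suppressed_by == rec.admin:
        findings.append(f"PAM-REC-16: recording {rec.session_id} suppressed by recorded admin {rec.admin}")
    return findings


def demo() -> dict:
    """Run both gates over constructed sample records (not real audit data)."""
    t = datetime(2026, 6, 15, 9, 0)
    grant = JitGrant("g-1", expires_at=t + timedelta(hours=2), revoked_at=t + timedelta(minutes=30))
    sessions = [
        Session("s-1", "g-1", ended_at=None, token_invalidated=False),                   # lingering
        Session("s-2", "g-1", ended_at=t + timedelta(minutes=32), token_invalidated=True),  # clean
    ]
    chain = seal([b"ls /etc", b"sudo -l"])
    good = Recording("s-2", "alice", chain, ["pam-vault", "siem-archive"], [])
    tampered = [(b"ls /tmp", chain[0][1]), chain[1]]  # segment 0 edited, digest kept
    bad = Recording("s-1", "alice", tampered, [], [(10, 20, None)], suppressed_by="alice")
    return {
        "sessions": check_session_termination(grant, sessions, now=t + timedelta(hours=3)),
        "good_recording": check_recording_integrity(good),
        "bad_recording": check_recording_integrity(bad),
    }


if __name__ == "__main__":
    for gate, findings in demo().items():
        print(gate, findings or "pass")
```

The session gate deliberately returns nothing while the grant is still live, so it only fires on the expired/revoked state the PR's PAM-JIT-11/12 findings describe; the recording gate stops at the first broken chain link because every later digest is untrustworthy once one segment has been altered.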

@chatgpt-codex-connector


You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@github-actions github-actions Bot added the needs-approved-issue PR has no linked maintainer-approved issue label Jun 15, 2026
@github-actions


Thanks for the submission! 🙏 SecuritySkills is now issue-first: contributions need a linked issue that a maintainer has marked approved before a PR is opened.

Please open an issue describing the skill, wait for the approved label, then reopen this PR with Closes #<issue> in the description. The PR template lists everything we'll look for (including an independently runnable reproduction).

@github-actions github-actions Bot closed this Jun 15, 2026