session-export
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The workflow for updating PR/MR descriptions utilizes a shell heredoc pattern (
cat <<'EOF') that is susceptible to injection. If a fetched PR description contains the string 'EOF' followed by shell commands, the shell will terminate the heredoc early and execute the subsequent commands in the agent's environment. - [PROMPT_INJECTION] (LOW): The skill processes untrusted input by fetching existing PR/MR descriptions from remote repositories, creating an Indirect Prompt Injection surface. Evidence: 1. Ingestion points: existing PR body fetched via
gh pr view. 2. Boundary markers: None; content is appended to the body. 3. Capability inventory: execution ofgh,glab, andopencodeCLI tools. 4. Sanitization: No sanitization or escaping of the fetched content is performed before shell interpolation. - [DATA_EXFILTRATION] (SAFE): The skill explicitly instructs the agent to exclude sensitive data (API keys, credentials, PII) from the generated summaries, reducing the risk of accidental exposure during the export process.
Audit Metadata