sessions
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- Data Exposure (SAFE): The skill manages session data locally. It references environment variables (
process.env.SESSION_KEY) for encryption rather than hardcoding secrets. No sensitive file access or network-based exfiltration patterns were detected. - Remote Code Execution (SAFE): The implementation consists of static handlers and basic logic. It does not use
eval(),exec(), or any functions capable of executing arbitrary code or remote scripts. - Indirect Prompt Injection (LOW): The skill handles conversation history, which is a surface for indirect prompt injection. However, the mandatory evidence chain shows:
- Ingestion points:
addMessage(SKILL.md API) and history tracking. - Boundary markers: None explicitly implemented in this wrapper.
- Capability inventory: Limited to local state management and string responses; no network or shell capabilities.
- Sanitization: Relies on the host environment's SessionManager.
- Conclusion: Due to the lack of exploitable capabilities (network/shell), the risk remains LOW.
- Command Execution (SAFE): There are no subprocess calls or shell command executions present in the provided source code.
Audit Metadata