remember
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes local git commands including
git log,git status, andgit stash listto reconstruct recent work history and current repository state. - [PROMPT_INJECTION]: The skill processes untrusted data from previous conversation logs and project files, creating an indirect prompt injection surface.
- Ingestion points: Reads session history JSONL files from
~/.claude/projects/, and project-level files such asSESSION_PROGRESS.mdandROADMAP.md. - Boundary markers: No specific delimiters or boundary markers are defined to isolate untrusted session history content from the agent's internal instructions.
- Capability inventory: Executes shell-based git commands and has file system read access.
- Sanitization: The skill contains a mandatory rule to sanitize sensitive data (API keys, tokens, credentials) before producing the summary, but does not explicitly handle potential instruction injection within those logs.
Audit Metadata