ralph-session-backup
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/backup_session.py` uses `subprocess.run` to execute shell commands via `cmd /c` on Windows and WSL systems to create directory links and retrieve environment information. The arguments for these commands are constructed using the `session_name` parameter without sanitization, allowing for potential command injection if the name contains shell metacharacters like `&` or `|`.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it accepts a user-provided session name and uses it to perform sensitive file and system operations without validation.
  * Ingestion points: Command-line argument `<session_name>` in `scripts/backup_session.py`.
  * Boundary markers: Absent; the script does not treat the input as untrusted.
  * Capability inventory: Directory copying (`shutil.copytree`), deletion (`shutil.rmtree`), creation (`os.makedirs`), and shell command execution (`subprocess.run`).
  * Sanitization: Absent; input is interpolated directly into file paths and command strings.
Audit Metadata