current
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run local system commands including date, git status, cat, and grep. These commands are used to retrieve environment status, session metadata, and task counts.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external project data. * Ingestion points: Content is read from TODO.md and .claude/sessions/.current-session. * Boundary markers: There are no delimiters or specific instructions to the agent to treat the file content as untrusted data. * Capability inventory: The skill is explicitly granted Bash and Read permissions, allowing it to execute system commands and read files on the host. * Sanitization: No sanitization or validation of the file content is performed before the agent processes the data.
Audit Metadata