session-resume
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the shell command `git branch --show-current` to identify the active branch of the project being resumed.
- [PROMPT_INJECTION]: The workflow involves reading and summarizing external project files, which establishes a surface for indirect prompt injection.
  - Ingestion points: Data is read from user-controlled files at `{project_path}/project_state.md` and `{project_path}/implementation_process/in_progress/*.md`.
  - Boundary markers: The skill does not implement delimiters or safety instructions to prevent the agent from obeying instructions embedded within these project files.
  - Capability inventory: The agent can execute shell commands and modify a local registry file in the user's home directory.
  - Sanitization: Project data is summarized and processed without validation or sanitization.
Audit Metadata