session-sync
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Executes local commands including
git diff,git log, andccw. These operations are used to retrieve context about recent changes and to rebuild specification indices, which aligns with the skill's documented purpose. - [DATA_EXPOSURE]: Accesses local project files within the
.workflowand.ccw/specsdirectories, as well as the git history. The data accessed is restricted to project-related metadata and documentation; no access to sensitive system files or credentials was detected. - [PROMPT_INJECTION]: The skill processes git commit messages and session plans which are external inputs. While these could technically contain instructions, the skill's logic is constrained to extracting updates for markdown and JSON files. A user confirmation step is provided by default before any changes are applied, mitigating the risk of unintended actions.
Audit Metadata