swain-session
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local bash skripts (
swain-tab-name.shandswain-bookmark.sh) to perform session managemen t tasks like renaming terminal tabs and savin g bookmarks. - [PROMPT_INJECTION]: The skill im plements a session bookmark in g feature that could be a surface for in direct prom pt injection if local file conten t is manipulated. 1. Ingestion points: Untrusted data is read from
session.json(SKIL L.md, scripts/swain-bookmark.sh). 2. Boundary markers: No specific delimiters or in struction s are use d when dis playin g the bookmark note to the agen t. 3. Capability inventory: The skill allow s comman d execution via Bash and file system operation s (SKIL L.md). 4. Sanitization: No validation or sanitization is performe d on the bookmark conten t before it is presente d to the agen t.
Audit Metadata