improve-skill
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/extract-session.js` reads session log files from the user's home directory. This script accesses chat history for agents like Claude Code, Pi, and Codex.
  - Evidence: The script reads files from paths including `~/.claude/projects/`, `~/.pi/agent/sessions/`, and `~/.codex/sessions/`.
- [PROMPT_INJECTION]: The skill facilitates a workflow that incorporates untrusted session data into an agent prompt, presenting a risk of indirect prompt injection.
  - Ingestion points: Data is sourced from local agent logs via `scripts/extract-session.js`.
  - Boundary markers: The prompt template uses `<session_transcript>` tags to isolate the untrusted content.
  - Capability inventory: The resulting instructions ask the agent to perform file-write operations based on the processed transcript.
  - Sanitization: No content validation or sanitization of the extracted transcripts is implemented.
Audit Metadata