session-reporter
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash
opencommand to automatically launch the generated HTML file in the user's default browser. This is an expected behavior for this skill's functionality, but it is the final step in the risk chain involving untrusted content. - [DATA_EXPOSURE]: The skill explicitly gathers information from the session, including conversation history, code changes, and execution results. While the purpose is to provide a report to the user, this involves reading potentially sensitive information from the current session context.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. It ingests untrusted data from the conversation history, code changes, and execution outputs (Ingestion points: SKILL.md, Section 2) and interpolates this data into an HTML template (
templates/report.html) without explicit sanitization or boundary markers (Sanitization: Absent). This data is then rendered in a browser via theopencommand (Capability inventory: Bashopenin SKILL.md, Section 4), creating a risk where malicious content previously introduced into the session (e.g., via a malicious file read or command output) could execute scripts in the context of the generated report.
Audit Metadata