review-session
Verdict: Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script `reduce-transcript.py` located within the plugin's directory. This script is used to pre-process the transcript before analysis.
  - Evidence: `python3 "${CLAUDE_PLUGIN_ROOT}/scripts/reduce-transcript.py" "<transcript_path>" "/tmp/session-review/reduced.txt"` in SKILL.md.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests session transcripts which may contain untrusted data from previous agent interactions (e.g., content from web pages or files).
  - Ingestion points: The skill reads session transcript files (`.jsonl`) provided by the user or the environment (SKILL.md, Step 1).
  - Boundary markers: There are no explicit delimiters or instructions to the subagent to ignore embedded commands within the transcript data (SKILL.md, Step 3).
  - Capability inventory: The skill possesses the ability to execute shell commands (via `python3`) and invoke subagents (SKILL.md, Steps 2 & 3).
  - Sanitization: No sanitization or filtering of the transcript content is performed before it is passed to the reviewer agent.
Audit Metadata