summarize-work

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several local commands to gather context for work summarization.
      • Uses curl to interact with a local API server at http://localhost:4096 to fetch session metadata, messages, and todo items.
      • Executes git diff, git diff --cached, and git log to analyze local repository state.
      • Utilizes sqlite3 to query the local database at ~/.local/share/opencode/opencode.db as a fallback mechanism.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted data.
      • Ingestion points: Fetches message content and titles from previous agent sessions via the /session/<SESSION_ID>/message API endpoint.
      • Boundary markers: Instructions do not specify explicit delimiters or "ignore" instructions when interpolating fetched session text into the summarization prompt.
      • Capability inventory: The agent possesses the ability to execute shell commands (curl, git, sqlite3) and read local files.
      • Sanitization: There is no evidence of sanitization or filtering of the historical session text before it is processed by the LLM for summarization.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 03:33 AM