ce-sessions
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses dynamic context injection placeholders to execute shell commands when the skill is loaded. It runs
git rev-parse --path-format=absolute --git-common-dirandgit rev-parse --abbrev-ref HEADto resolve the repository name and current branch. These are standard developer operations for environment discovery and do not involve exfiltration or unauthorized access. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it processes untrusted data from past agent sessions.
- Ingestion points: Reads session history through the
ce-session-historiandispatch. - Boundary markers: None identified in the dispatch instructions to delineate historical data from the current task prompt.
- Capability inventory: Dispatches tasks to other agent skills and retrieves user-provided context.
- Sanitization: No explicit sanitization or filtering of historical content is mentioned before it is processed by the agent.
Audit Metadata