session-navigation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): Uses system utilities (ls, grep, rg, jq, wc, cat) to interact with local files. These are standard operations for a file management skill and do not involve shell injection or elevated privileges.
- [DATA_EXPOSURE] (SAFE): Accesses session logs in ~/.factory/sessions/. While these files may contain sensitive project data, the access is restricted to the local user's own directory and is required for the skill's purpose.
- [PROMPT_INJECTION] (LOW): Risk of Indirect Prompt Injection.
  - Ingestion points: Reads previous conversation logs from JSONL files.
  - Boundary markers: None mentioned.
  - Capability inventory: Shell command execution via subprocess for searching and reading files.
  - Sanitization: None mentioned.
  - Note: This finding is downgraded to SAFE as the capability is essential for the skill's primary purpose.