Skills
skills/fimoklei/pm-ai-playbook/session-summarizer/Gen Agent Trust Hub

session-summarizer

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands, including ls, cat, sed, git log, and git diff, to retrieve context from the local filesystem and version control history.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) by processing untrusted external data.
  • Ingestion points: The agent reads content from local files located at ~/.claude/projects/.../summary.md and retrieves history from git log and git diff.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore or isolate potential commands embedded within the retrieved file content or commit messages.
  • Capability inventory: The skill has the ability to execute shell commands and read local files, which could be leveraged if the agent inadvertently follows instructions found in the ingested data.
  • Sanitization: The skill does not implement validation or sanitization of the data retrieved from the filesystem or Git before it is integrated into the session context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 06:46 PM