Skills
skills/guardzcom/skills/session-checkpoint/Gen Agent Trust Hub

session-checkpoint

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from the conversation context and interpolates it into checkpoint files.
  • Ingestion points: Conversation context used in 'Gather State' (Step 3).
  • Boundary markers: Absent; checkpoint files use standard markdown headers without explicit delimiters or instructions to ignore embedded content.
  • Capability inventory: Executes bash for git operations and rm for cleanup; performs file writes/edits in the project directory.
  • Sanitization: The skill sanitizes the checkpoint name (lowercase, dash replacement) but does not sanitize the content generated from the conversation context.
  • [Command Execution] (SAFE): Uses bash to run git commands and rm. The input to the rm command (the checkpoint name) is sanitized to prevent path traversal, which is a significant security control.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:22 PM