insights

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes untrusted session transcripts in facet-extraction.md and analysis-prompts.md without robust boundary markers (e.g., XML tags or delimiters). A malicious session transcript could contain instructions to divert the analysis or influence the generated report contents. Mandatory Evidence Chain:
      1. Ingestion points: Session files collected from CLI storage paths (e.g., ~/.claude/projects).
      2. Boundary markers: Absent; transcripts are interpolated directly into prompts.
      3. Capability inventory: File reading, shell orchestration, and LLM-based report generation.
      4. Sanitization: Absent.
  • Command Execution (SAFE): Shell scripts (bash) and Python-based templating are used for local data processing and report generation. The Python logic in generate-report.sh uses json.dumps to ensure valid serialization of extracted data.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:33 PM