session-reflect
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell scripts to iterate through local repositories using `ghq list` and extracts commit summaries via `git log`.
- [COMMAND_EXECUTION]: It uses the `find` and `head` commands to locate and retrieve the contents of markdown files within the author's local directory (`~/ghq/github.com/i9wa4/internal/`).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the ingestion of local markdown notes which could contain malicious instructions. Evidence:
  1. Ingestion points: reading files found in Step 1.2
  2. Boundary markers: None
  3. Capability inventory: local command execution (`git`, `find`), creation of new skills via `skill-creator-local`, and direct modification of `CLAUDE.md`
  4. Sanitization: None
Audit Metadata