project-session-management
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill involves the execution of a local shell script (resume.sh) and standard git commands to manage project state. While necessary for the skill's functionality, these represent a capability surface that can be leveraged if the agent is influenced by malicious instructions.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill possesses a high-risk capability profile combined with an ingestion surface for untrusted data. 1. Ingestion points: The skill explicitly reads IMPLEMENTATION_PHASES.md to generate tracking documents. 2. Boundary markers: There are no delimiters or explicit instructions provided to the agent to treat the contents of implementation files as untrusted data or to ignore embedded instructions. 3. Capability inventory: The skill has the authority to write files (SESSION.md) to the project root and execute local scripts (resume.sh). 4. Sanitization: No sanitization, validation, or escaping of the ingested file content is performed before it is used to determine the agent's 'Next Action'.
Recommendations
- AI detected serious security threats
Audit Metadata