checking-session-security

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a well-documented auditing tool that follows industry best practices for evaluating session security. It references official guidance from OWASP, NIST, and MITRE.
  • [EXTERNAL_DOWNLOADS]: All external links point to reputable security research organizations or the author's official domains (intentsolutions.io, jeremylongshore.com). No executable code or suspicious packages are downloaded.
  • [DATA_EXPOSURE]: The skill's operations are confined to the local project directory for the purpose of identifying vulnerabilities. There are no patterns suggesting the exfiltration of sensitive information or credentials.
  • [INDIRECT_PROMPT_INJECTION]: As a code analysis tool, the skill naturally processes external data (source code) which constitutes an injection surface.
      • Ingestion points: Source code files located via glob patterns like **/auth/**, **/session/**, and configuration files like settings.py.
      • Boundary markers: The skill does not explicitly define delimiters to separate audited code from its own instructions.
      • Capability inventory: Tools include Read, Write, Edit, Grep, Glob, and Bash for scanning and report generation.
      • Sanitization: No explicit sanitization of the analyzed code is performed, as the agent is instructed to perform static analysis on the content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 08:05 PM