session-reflection
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function is to ingest session history, git logs, and user interventions to update project configuration files (CLAUDE.md, AGENTS.md). This process presents an indirect prompt injection surface where malicious instructions embedded in processed logs or external data could be promoted to permanent system rules.
- Ingestion points: SKILL.md specifies that the agent analyzes conversation history, git log, memory files, and session logs.
- Boundary markers: The skill documentation suggests using managed markers (e.g., ) in configuration files to delimit generated content.
- Capability inventory: The skill is designed to write directly to project instructions and configuration files that define agent behavior and security constraints.
- Sanitization: No explicit sanitization or filtering of the ingested history data is mentioned before it is used to generate or refine instructions.
- [COMMAND_EXECUTION]: The documentation provides an installation command 'npx skills add jwilger/agent-skills' to facilitate the use of related tooling.
- [EXTERNAL_DOWNLOADS]: The skill uses the 'npx' command to fetch and execute additional components from the vendor's repository.
Audit Metadata