session-reflection
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill establishes a process where the agent updates its own core instruction files (CLAUDE.md, AGENTS.md, and .team/coordinator-instructions.md) based on session reflection. This creates a surface for indirect prompt injection if adversarial content is present in the analyzed session history or git logs.\n
- Ingestion points: SKILL.md (Analyze Session History section) instructs the agent to examine conversation history, git logs, memory files, and WORKING_STATE.md.\n
- Boundary markers: No specific boundary markers or 'ignore' directives are specified for the input data sources to prevent the agent from obeying instructions embedded within them.\n
- Capability inventory: The skill grants the agent the authority to modify behavioral configuration files that are loaded at the start of every session.\n
- Sanitization: No sanitization or filtering of the feedback is provided before the agent promotes 'advisory' gaps to 'structural' (MUST/NEVER) instructions.\n- [SAFE]: No evidence of code obfuscation, hardcoded credentials, or unauthorized network operations was found. The skill relies on local markdown files for state persistence and uses standard documentation for installation procedures from the author's repository.
Audit Metadata