session-search

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE; flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous examples for executing shell commands including sqlite3, curl, grep, and lss. These are utilized to interact with local databases, REST APIs on localhost, and workspace files for session management and search.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by retrieving and processing historical conversation data.
      • Ingestion points: Data enters the agent's context through session_get tool calls, SQLite query results, and grep/lss search results from the /workspace/.local/share/opencode/ directory.
      • Boundary markers: No specific boundary markers or instructions to ignore embedded prompts are included in the retrieval workflow.
      • Capability inventory: The agent can execute local shell commands, perform network requests to localhost, and delete session data.
      • Sanitization: There is no evidence of sanitization or filtering of historical content before it is re-ingested into the agent's prompt.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 3, 2026, 08:36 AM