session-start
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Command Execution (LOW): The skill performs local shell operations including directory creation and file writing using standard utilities like
mkdir,echo, andcat. It also executesgitcommands to capture repository state. While these actions align with the skill's stated purpose, the shell scripts do not employ strict variable quoting or escaping. - Prompt Injection (LOW): The skill exhibits an indirect prompt injection surface through the use of untrusted user data in shell commands.
- Ingestion points: The
$ARGUMENTSvariable, which originates from user input, is interpolated directly into session filenames and file content within bash scripts. - Boundary markers: Absent. There are no markers to distinguish between data and instructions when variables are expanded in the shell context.
- Capability inventory: The skill executes bash commands that can write to the filesystem and interact with the git CLI.
- Sanitization: Absent. The skill does not validate or escape shell metacharacters in the
$ARGUMENTSvariable before execution (e.g., backticks or subshells could be triggered during interpolation). - Dynamic Execution (LOW): The skill generates shell commands dynamically based on a fixed template and user input. This is a low-risk pattern but contributes to the injection surface mentioned above.
Audit Metadata