gemini-session-management
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill uses strong instructional language such as 'MANDATORY', 'STOP', and 'EXCLUSIVELY'. However, these are used to enforce a specific workflow (referencing official documentation) rather than to bypass safety filters or override system constraints.
- Data Exposure & Exfiltration (SAFE): The skill references a specific path for session storage (
~/.gemini/tmp/), which is standard for the application's operation. It does not attempt to access unrelated sensitive files like credentials or SSH keys. - Unverifiable Dependencies & Remote Code Execution (SAFE): No remote scripts or external package installations are initiated. The bash commands listed are for local user interaction with the Gemini CLI.
- Indirect Prompt Injection (LOW): The skill defines a surface for processing session data and settings. While it lacks explicit sanitization instructions for session content, this is a standard operational surface for a session management tool and poses a low risk in this context.
Audit Metadata