record-session
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to run local Python scripts (
get_context.py,add_session.py,task.py) located in the./.trellis/scripts/directory for task management and session logging. - [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection as it ingests arbitrary user text via command-line flags and standard input to update journal files.
- Ingestion points: The
add_session.pyscript takes data via--titleand--summaryarguments, as well as multi-line content through standard input. - Boundary markers: There are no explicit markers or instructions to treat the ingested text as untrusted content.
- Capability inventory: The skill is designed to execute scripts that modify local filesystem logs (
journal-N.md,index.md). - Sanitization: Input sanitization or validation logic is not specified in the skill instructions.
Audit Metadata