record-session
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill involves executing local Python scripts (
./.trellis/scripts/get_context.py,./.trellis/scripts/add_session.py, and./.trellis/scripts/task.py) to automate the management of session journals and task statuses. - [SAFE]: Analysis for indirect prompt injection potential reveals: 1. Ingestion points: The skill reads from git logs, diffs, and task.json files via the agent. 2. Boundary markers: None are specified in the interaction instructions. 3. Capability inventory: Execution of local workspace scripts and write operations to the .trellis/workspace journal files. 4. Sanitization: No sanitization or filtering of commit-based input is documented. These factors are considered safe within the context of the skill's intended use for development tracking.
- [DATA_EXFILTRATION]: All operations are restricted to the local filesystem and git history; no network exfiltration patterns or unauthorized data access were detected.
- [PROMPT_INJECTION]: There are no detected instructions intended to override core agent safety protocols or bypass constraints.
Audit Metadata