Skills
skills/nguyenthienthanh/aura-frog/session-continuation/Gen Agent Trust Hub

session-continuation

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection and path traversal through user-controlled input.\n
  • Ingestion points: The <workflow-id> parameter in the workflow:resume and workflow:handoff commands in SKILL.md.\n
  • Boundary markers: Absent. There are no instructions for the agent to validate input or treat the resulting path as a constrained string.\n
  • Capability inventory: The skill requires Read, Write, and Bash tools to manage filesystem state in SKILL.md.\n
  • Sanitization: Absent. The skill does not define validation logic to prevent directory traversal sequences (e.g., ../) in the workflow ID.\n- [COMMAND_EXECUTION]: The skill uses the Bash tool for routine project maintenance and state management.\n
  • Evidence: Shell commands are used to list workflow states and manage state directories within the project's .claude/ directory as described in SKILL.md.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 05:11 PM