Skills
skills/oliver-kriska/claude-elixir-phoenix/analyze-session/Gen Agent Trust Hub

analyze-session

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it processes untrusted session transcripts and passes them to subagents for analysis without protective measures.
  • Ingestion points: Untrusted data is ingested from .claude/sessions-to-analyze.md and through message content retrieved via the mcp__ccrider__get_session_messages tool.
  • Boundary markers: The prompt for the Sonnet and Haiku subagents lacks explicit delimiters or "ignore embedded instructions" warnings to prevent the model from obeying commands hidden within the transcripts.
  • Capability inventory: The skill possesses capabilities to read files, create directories, write files to the local .claude/ directory, and spawn subagents.
  • Sanitization: No escaping, validation, or filtering is applied to the session messages before they are provided to the subagents for analysis.
  • [EXTERNAL_DOWNLOADS]: The skill relies on an external, untrusted third-party MCP to function.
  • Evidence: It requires the installation of ccrider from https://github.com/neilberkman/ccrider, which is not a verified or trusted vendor listed in the security policy.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 09:45 PM