done
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Git commands (`git branch`, `git merge-base`, `git diff`) to extract session metadata and identify changed files. These operations are performed locally and are consistent with the skill's stated purpose of session summarization.
- [INDIRECT_PROMPT_INJECTION]: The skill processes the 'full conversation' to generate summaries, decisions, and follow-ups. This creates an attack surface where malicious content within the conversation (e.g., from an external tool's output or user input) could influence the agent's summary generation.
  - Ingestion points: The entire conversation history is used as input for the summary generation in Step 2.
  - Boundary markers: None are specified to distinguish between system instructions and conversation content.
  - Capability inventory: The skill has permissions to read, write, and edit files within the designated Obsidian vault path, as well as execute Git commands.
  - Sanitization: No specific sanitization or filtering is applied to the conversation content before processing.