session-commit
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local bash script (
scripts/preflight.sh) to initialize or repair project documentation files. This script performs routine tasks such as checking file existence, creating symlinks (e.g., linking CLAUDE.md to AGENTS.md), and generating default template content. These operations are limited to the project directory. - [EXTERNAL_DOWNLOADS]: Installation instructions in the README reference the author's official GitHub repository (
olshansk/agent-skills) for downloading skill components and installation via package managers. These resources are consistent with the skill's ownership and stated purpose. - [PROMPT_INJECTION]: The skill is subject to an indirect prompt injection surface because it processes conversation history to identify and extract learnings.
- Ingestion points: The agent reads the current conversation context and existing markdown files within the repository root.
- Boundary markers: No explicit delimiters are used to wrap or isolate ingested conversation content during processing.
- Capability inventory: The skill utilizes
Read,Write,Edit, andBashtools, granting it the ability to modify the local file system and execute shell commands. - Sanitization: The skill mitigates risks by implementing a strict human-in-the-loop workflow. It must present a structured proposal of changes to the user and wait for explicit confirmation via the
AskUserQuestiontool before performing any write or edit operations.
Audit Metadata