session-recorder
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's instructions require the agent to execute a Python script while passing the entire unedited session history as a command-line argument. This presents a risk of command injection if the session content contains shell-active characters (such as backticks, semicolons, or dollar signs) and the underlying shell execution environment does not properly escape these characters.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by ingesting and storing untrusted data from the session history.
  - Ingestion points: The `<full_unedited_session_content>` parameter defined in the command section of `SKILL.md`.
  - Boundary markers: No boundary markers or delimiters are used to encapsulate the content within the CLI command or the resulting log file.
  - Capability inventory: The skill performs local file system writes via `scripts/record_session.py` to the user's home directory (`~/daily_work`).
  - Sanitization: No sanitization, filtering, or escaping of the session content is performed before it is passed to the script or appended to the markdown log file.
Audit Metadata