wrap-session
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing and summarizing untrusted data from project files and session history.
- Ingestion points: The workflow reads README.md, CHANGELOG.md, and conversation highlights in SKILL.md steps 2, 3, and 5.
- Boundary markers: No delimiters or specific warnings are used when interpolating ingested content into documentation templates or the Next Session Prompt.
- Capability inventory: The skill has file write access to the project root and AGENTS/ directory, and it generates prompts that influence future agent behavior.
- Sanitization: The skill does not perform any sanitization, filtering, or escaping of ingested text before including it in summaries or logs.
Audit Metadata