worklog
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on running shell commands like 'worklog', 'ls', and 'cat' to manage session files and provide context to the agent.
- [PROMPT_INJECTION]: The skill processes untrusted natural language input from the user and includes it in shell command arguments, creating an attack surface for command injection.
- Ingestion points: User descriptions of goals, steps, and notes are used as input for the 'worklog' commands.
- Boundary markers: The skill instructions do not specify any delimiters or ignore-instructions for the data passed to the shell.
- Capability inventory: The agent can execute the 'worklog' CLI and read or write files within the '~/worklogs/' directory.
- Sanitization: The instructions focus on formatting the user's input for clarity but do not require escaping special characters that could be interpreted by the shell.
Audit Metadata