session-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several local PowerShell scripts, such as build.ps1 and test.ps1, to perform quality gate checks during session landing.
- [COMMAND_EXECUTION]: Relies on the external bd (beads) CLI tool to manage task states, sync session context, and update issue tracking.
- [PROMPT_INJECTION]: Employs strict process directives and mandatory rules, such as 'NEVER stop before pushing', to ensure the agent adheres to the full session lifecycle.
- [PROMPT_INJECTION]: Ingests potentially untrusted external data from issue descriptions (via bd show) and agent communications (via fetch_inbox) without explicit boundary markers, presenting an indirect injection surface.
- [DATA_EXFILTRATION]: Utilizes git push and bd sync to transmit workspace changes and session metadata to remote repositories for state persistence.
Audit Metadata