recap
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various shell commands and local scripts to aggregate session state information. Each operation is scoped to the current project or the agent's configuration directories. Evidence includes the use of `git status`, `git log`, and `find` to discover state, as well as the execution of local TypeScript (bun) and Python scripts to process metadata.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting the contents of project files such as handoffs and retrospectives into the agent's context.
  - Ingestion points: Files in the `ψ/` directory, `CLAUDE.md`, and project log files.
  - Boundary markers: Content is presented without explicit delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill has the ability to read project files and execute local commands.
  - Sanitization: Content is read and summarized without filtering or escaping techniques. This surface is considered a low risk given the skill's primary orientation purpose.
Audit Metadata