tangzhan-skill-opencodeInsights
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): Indirect Prompt Injection surface detected.
- Ingestion points: The skill uses
session_readto fetch full transcripts of user interactions (untrusted external data). - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the transcripts are provided in the workflow.
- Capability inventory: The skill has file-write capabilities, creating
insight-report.htmlbased on the ingested data. - Sanitization: No sanitization or escaping of the session data is mentioned before it is injected into the HTML template placeholders or the
{{RAW_HOUR_COUNTS}}script variable. - [Data Exposure] (SAFE): The skill accesses sensitive session history, but this is consistent with its stated purpose of generating productivity insights. No evidence of network exfiltration was found.
- [Dynamic Execution] (LOW): The skill constructs an executable artifact (HTML/JavaScript) at runtime. While standard for reporting, the lack of sanitization of user-controlled session data during the injection phase could lead to script execution in the context of the generated report.
Audit Metadata