Skills
skills/team-attention/plugins-for-claude-natives/session-wrap/Gen Agent Trust Hub

session-wrap

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [Command Execution] (SAFE): The skill runs 'git status' and 'git diff' to gather repository context. These are standard read-only operations used to inform the agent's analysis.
  • [Prompt Injection] (LOW): The skill presents an indirect prompt injection surface as it processes untrusted content from git diffs and session history to generate suggestions for commits and automations. 1. Ingestion points: Git diff output and session history summarized in Step 2. 2. Boundary markers: The prompts for sub-agents do not use explicit delimiters to isolate untrusted session data. 3. Capability inventory: The skill has the ability to create commits, update files, and generate new automation skills. 4. Sanitization: No input filtering or escaping is performed on the ingested data. The presence of a mandatory human-in-the-loop validation step via 'AskUserQuestion' effectively mitigates the risk of automated exploitation.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:23 PM