post-session
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection during the AI-powered summarization of terminal recordings.
- Ingestion points: Untrusted terminal recording data from .cast and .txt files in the ~/eon directory.
- Boundary markers: No delimiters or safety instructions are used to isolate recorded data from agent instructions.
- Capability inventory: The skill possesses Bash execution and file writing capabilities.
- Sanitization: No sanitization is performed on terminal output before it is summarized by the AI.
- [COMMAND_EXECUTION]: The skill executes local bash commands to manage processes and files. It uses ps to identify running recordings and find to locate files in the user directory.
- [CREDENTIALS_UNSAFE]: Troubleshooting advice recommends running 'echo $GH_TOKEN', which leads to the exposure of sensitive GitHub tokens in the shell's command history file.
Audit Metadata