distill-session
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the `gh api` command to retrieve a list of repository collaborators from GitHub. This is used to prioritize feedback from administrators or maintainers during the distillation process. As GitHub is a well-known service, this is considered a safe operation for this use case.
- [DATA_EXFILTRATION]: The skill accesses project-specific files such as `MEMORY.md` and `CLAUDE.md` to identify existing knowledge. While it reads session history and local data, there is no evidence of this data being sent to unauthorized external destinations.
- [PROMPT_INJECTION]: The skill scans the entire conversation history for lessons, which creates a surface for indirect prompt injection if the conversation contains malicious instructions. However, the skill includes a filtering step and a mandatory human-in-the-loop confirmation (`AskUserQuestion`) before any changes are applied to the filesystem or project configuration.
Audit Metadata