session-reset
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by using a local file (
PROMPT.md) to store and later restore session state. - Ingestion points: The agent reads the
PROMPT.mdfile from the project root during the restoration phase (Step 5). - Boundary markers: The instructions do not specify any boundary markers or instructions to treat the content of
PROMPT.mdas untrusted data when it is read back into the context. - Capability inventory: The agent has permissions to perform filesystem operations, execute git commands (including pushing to remote repositories), and manage agent team configurations (shutdown and deletion).
- Sanitization: There is no evidence of sanitization or validation of the data read from
PROMPT.mdbefore it is used to influence the agent's subsequent actions. - [DATA_EXFILTRATION]: The skill facilitates the pushing of code to remote repositories. While this is an intended function of the workflow, it includes a positive security check to detect and prevent the accidental exposure of credentials and secrets.
Audit Metadata