Skills
skills/willsigmon/sigstack/Session Summary Generator/Gen Agent Trust Hub

Session Summary Generator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill ingests git commit messages and diff logs which are external, untrusted inputs. If a commit message contains malicious instructions, the agent may execute them while generating the summary.
  • Ingestion points: Git commit history (git log) and short stats (git diff) in SKILL.md.
  • Boundary markers: Absent. The instructions do not define delimiters or warn the agent to ignore instructions embedded within the git data.
  • Capability inventory: Bash (arbitrary command execution) and Write (file system modification).
  • Sanitization: None. The skill directly translates git output into a summary document and provides a shell environment for processing.
  • [Command Execution] (MEDIUM): The skill requests the Bash tool. While intended for git stats, the lack of restriction on command arguments allows the agent to execute any shell command if its logic is subverted.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:38 AM