session-wrap-up
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill analyzes conversation history and git changes to identify lessons and update persistent agent instructions such as CLAUDE.md and .cursorrules.
- Ingestion points: The skill ingests untrusted data from the conversation history and the current repository state via git log, status, and diff (SKILL.md).
- Boundary markers: There are no specific delimiters or instructions to ignore embedded malicious content when the agent processes the session history.
- Capability inventory: The skill possesses file-write capabilities across the project directory and executes git subprocesses to gather context.
- Sanitization: No explicit validation or sanitization is performed on the data extracted from the session before it is proposed as a durable instruction update.
- [COMMAND_EXECUTION]: The skill uses local command-line tools to perform its primary function.
- Evidence: Executes git log, git status, and git diff to analyze session activity (SKILL.md). Additionally, internal instructions suggest running a validation script (quick_validate.py) located in the user's home directory (AGENTS.md).
Audit Metadata