past-conversations
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill introduces a surface for indirect prompt injection by instructing the agent to query and process historical message content.
  - Ingestion points: Past conversation data is ingested from the 'part' table within the local SQLite database at '~/.local/share/opencode/opencode.db'.
  - Boundary markers: The instructions do not define clear delimiters or provide the agent with guidance to ignore any instructions embedded within the retrieved conversation data.
  - Capability inventory: The skill uses the 'sqlite3' command-line utility to perform data retrieval.
  - Sanitization: No sanitization, filtering, or validation logic is present to ensure that the retrieved text from the 'data' field does not contain malicious prompts or control sequences.
Audit Metadata