session-logger
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its core function of reading and summarizing conversation history which may contain malicious instructions.
- Ingestion points: The skill reads the active conversation history to extract metadata, summaries, and technical notes as defined in SKILL.md.
- Boundary markers: There are no explicit delimiters or 'ignore' instructions implemented to prevent the agent from accidentally obeying commands embedded in the text it is currently logging.
- Capability inventory: The skill has access to the Bash, Read, Write, and Edit tools, allowing for significant system impact if an injection is successful.
- Sanitization: The skill lacks logic to sanitize or filter the content captured from the conversation history before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill requests Bash, Write, and Edit permissions in its metadata frontmatter. While these are used for the intended purpose of creating and organizing log files in the sessions/ directory, the combination of shell access and untrusted data processing constitutes a risk factor.
Audit Metadata