session-governance-audit
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted data from session transcripts which could contain malicious instructions or deceptive metadata intended to skew the audit results.
- Ingestion points: Session transcripts (JSONL, exported markdown, or live-session recall) as specified in the inputs section of SKILL.md.
- Boundary markers: Absent. The instructions do not specify the use of delimiters or warnings to ignore instructions embedded within the transcript data.
- Capability inventory: The skill utilizes shell-based verification methods including 'git log', 'git show', 'test -f', 'grep', and 'git branch' as described in the Workflow section of SKILL.md.
- Sanitization: Absent. There are no instructions for escaping or validating the content extracted from transcripts before passing it to shell commands or incorporating it into the final report.
- [COMMAND_EXECUTION]: The skill performs shell operations ('git', 'test', 'grep') based on data parsed from external transcripts. This creates a potential command injection vector if artifact names or commit messages in the transcript contain shell metacharacters that are not properly sanitized before execution.
Audit Metadata