agent-session-monitor

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The main.py script uses os.system to execute terminal clear commands for its real-time monitor display.
  • [DATA_EXFILTRATION]: The skill accesses system-level logs in /var/log containing conversation history and stores them in local JSON files.
  • [DATA_EXFILTRATION]: The webserver.py script hosts an unauthenticated web server on 0.0.0.0, potentially exposing session data to the local network.
  • [DATA_EXFILTRATION]: The web server in scripts/webserver.py uses the id parameter to construct file paths without sanitization (e.g., self.data_dir / f"{session_id}.json"), allowing potential access to any JSON file on the system.
  • [PROMPT_INJECTION]: The skill processes logs containing user-supplied content, creating an indirect prompt injection surface if this data is consumed by other agents.
    * Ingestion points: main.py parses conversation data from Higress access logs.
    * Boundary markers: Data is parsed into structured JSON format.
    * Capability inventory: The skill performs file writes (main.py), hosts an HTTP server (webserver.py), and executes shell commands (os.system in main.py).
    * Sanitization: Basic HTML escaping is performed in the web UI, but JSON API responses are served without additional sanitization.
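To make the two webserver.py findings concrete (unchecked id-to-path construction, and an unauthenticated listener on 0.0.0.0), the following is an added example, not code from the skill or from the audit. It reproduces the construction the audit quotes, `data_dir / f"{session_id}.json"`, beside a hardened version, and wraps it in a minimal handler that binds to loopback and serves JSON with a fixed content type. The endpoint shape `/session?id=...`, the names `handle_session_request`, `safe_session_path` and `SessionHandler`, and the session files it writes are all assumptions; the real request routing of scripts/webserver.py is not on this page.

```python
import re
import tempfile
from http import HTTPStatus
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from pathlib import Path
from typing import Optional, Union
from urllib.parse import parse_qs, urlparse

# Session ids are allow-listed rather than escaped: a fixed alphabet cannot
# spell "..", "/" or an absolute path (assumed format, not the skill's).
SESSION_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def unsafe_session_path(data_dir: Union[str, Path], session_id: str) -> Path:
    """The construction the audit quotes. pathlib discards data_dir when the
    right-hand side is absolute, and "../" segments walk out of it, so the
    only restriction left is the trailing ".json"."""
    return Path(data_dir) / f"{session_id}.json"


def safe_session_path(data_dir: Union[str, Path], session_id: str) -> Optional[Path]:
    """Allow-list the id, then confirm the resolved file still sits directly
    under data_dir (catches symlinked session files pointing elsewhere)."""
    if not SESSION_ID_RE.fullmatch(session_id):
        return None
    base = Path(data_dir).resolve()
    candidate = (base / f"{session_id}.json").resolve()
    if candidate.parent != base:
        return None
    return candidate


def handle_session_request(data_dir: Union[str, Path], raw_path: str):
    """Pure request logic for GET /session?id=<session_id>: returns
    (status, headers, body) so it can be exercised without a socket."""
    query = parse_qs(urlparse(raw_path).query)
    session_id = query.get("id", [""])[0]
    path = safe_session_path(data_dir, session_id)
    if path is None:
        return HTTPStatus.BAD_REQUEST, {"Content-Type": "text/plain"}, b"invalid session id\n"
    if not path.is_file():
        return HTTPStatus.NOT_FOUND, {"Content-Type": "text/plain"}, b"no such session\n"
    body = path.read_bytes()
    # Explicit JSON type plus nosniff keeps a browser from rendering log
    # content as HTML; this is the usual mitigation for an unescaped JSON API.
    headers = {
        "Content-Type": "application/json; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
        "Content-Length": str(len(body)),
    }
    return HTTPStatus.OK, headers, body


class SessionHandler(BaseHTTPRequestHandler):
    data_dir: Path = Path("sessions")  # overridden by serve()

    def do_GET(self):
        status, headers, body = handle_session_request(self.data_dir, self.path)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)


def serve(data_dir: Union[str, Path], host: str = "127.0.0.1", port: int = 8765):
    """Bind to loopback by default instead of 0.0.0.0; callers must opt in
    to exposing the listener to the network."""
    SessionHandler.data_dir = Path(data_dir)
    ThreadingHTTPServer((host, port), SessionHandler).serve_forever()


def demo() -> dict:
    """Constructed scenario: one legitimate session file plus a JSON file one
    directory above data_dir that the unchecked construction can reach."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        data_dir = root / "data"
        data_dir.mkdir()
        (data_dir / "sess-001.json").write_text('{"session": "sess-001", "turns": []}')
        (root / "secret.json").write_text('{"token": "constructed-secret"}')
        traversal = "../secret"
        return {
            "unsafe_reads_outside": unsafe_session_path(data_dir, traversal).read_text(),
            "safe_rejects_traversal": safe_session_path(data_dir, traversal),
            "valid_status": handle_session_request(data_dir, "/session?id=sess-001")[0],
            "traversal_status": handle_session_request(data_dir, "/session?id=../secret")[0],
            "absolute_status": handle_session_request(data_dir, "/session?id=/etc/passwd")[0],
            "missing_status": handle_session_request(data_dir, "/session?id=sess-999")[0],
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The allow-list is the real control; the `resolve()` parent check is a second line of defence against a symlinked session file rather than against the id itself. Note that the `.json` suffix does not limit the unchecked version to the data directory, only to files ending in `.json`, which is exactly what the finding above states.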
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 03:13 AM