track-session

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by reading and processing the 'SESSION_PROGRESS.md' file located in the project root.
  • Ingestion points: The agent reads 'SESSION_PROGRESS.md' whenever the '/track-session resume' or '/track-session verify' commands are used to restore state or validate work.
  • Boundary markers: The instructions do not specify boundary markers or 'ignore' directives for the content within the session file, which could lead the agent to mistakenly follow instructions embedded by an external actor within the plan or decision sections.
  • Capability inventory: The skill allows the agent to read and modify project files and execute local test commands (e.g., 'npm test' as mentioned in VERIFICATION.md) based on the session state.
  • Sanitization: There is no logic provided to sanitize or filter potential malicious instructions found within the session file's text fields before they are incorporated into the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 05:09 PM
Security Audit — agent-trust-hub — track-session