session-to-post
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard system and development commands including git, find, wc, and package-specific test runners (cargo, npm, pytest) to gather session metrics and history. These operations are limited to data extraction for documentation purposes.
- [PROMPT_INJECTION]: The skill processes data from the local environment (such as git commit messages and file contents) to generate content, which presents an indirect prompt injection surface.
- Ingestion points: modules/session-extraction.md (extracts git history and file content).
- Boundary markers: Absent; the templates in modules/narrative-structure.md do not include specific delimiters to isolate external content from instructions.
- Capability inventory: The skill is configured with Bash and Write capabilities in SKILL.md.
- Sanitization: No explicit sanitization or filtering of the extracted session data is performed before it is used in prompt templates.
Audit Metadata