session-wrap
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for session summarization and project management tasks. It operates within expected boundaries for a developer tool.
- [COMMAND_EXECUTION]: The skill executes standard, read-only git commands (
git status --short,git diff --stat,git log --oneline -n 10) to gather evidence for the summary. These commands are non-destructive and scoped to the current repository context. - [INDIRECT_PROMPT_INJECTION]: The skill has an ingestion surface where it processes data from git outputs (file names, commit messages, and diff statistics). While this data is technically untrusted, the skill does not autonomously execute code based on this content and primarily reflects it back to the user in a summarized format, posing minimal risk.
- [DATA_EXPOSURE]: Although the skill reads git diffs and logs which may contain sensitive information if committed, it does not exfiltrate this data. It only summarizes the content for the user's own session wrap-up and optionally saves it to a local file or platform-specific notepad at the user's request.
Audit Metadata