session-sync

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill script utilizes direct string substitution for the $ARGUMENTS token within a JavaScript execution block. Patterns such as const userSummary = "$ARGUMENTS".replace(...) create a risk where a user-supplied argument containing double quotes or other control characters could break out of the string literal to execute arbitrary JavaScript or shell commands via the available Bash() tool.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it processes untrusted data to perform documentation updates.
      • Ingestion points: The skill ingests data from git diff, git log, and session-specific JSON files located in .workflow/.lite-plan/.
      • Boundary markers: The instructions do not define clear boundaries or 'ignore' instructions to prevent the agent from obeying commands embedded within the git history or session plans during the extraction phase.
      • Capability inventory: The skill has access to powerful tools including Bash (used for ccw CLI operations), Write, and Read.
      • Sanitization: There is no logic present to sanitize or escape the content retrieved from external git commands or session files before it is used by the LLM or written back to the file system.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 11:10 AM