session-management
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
git statusduring the session end protocol to check for uncommitted changes, which is a routine and safe operation for project management. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it automatically ingests data from local files into the active context.
- Ingestion points: The startup protocol reads data from
.claude/handoff.md,MEMORY.md, and.claude/instincts.md. - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the loaded content as untrusted or to ignore embedded instructions.
- Capability inventory: The skill has the capability to read and write to the local file system, execute git commands, and call .NET-specific MCP tools.
- Sanitization: The instructions do not define any sanitization or validation steps for the content loaded from the project's markdown files.
Audit Metadata