recall
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill accesses local agent transcripts and project metadata (PRs, issues) to reconstruct working context. This behavior is consistent with its stated purpose as a developer utility for summarizing work history and utilizes standard system tools like ls, grep, git, and gh for data retrieval.
- [PROMPT_INJECTION]: The skill processes historical chat data and external reports, creating an indirect prompt injection surface.
- Ingestion points: Historical JSONL chat transcripts located in the ~/.cursor/projects/ directory and external project data from source control and issue trackers.
- Boundary markers: The instructions do not specify explicit delimiters to isolate historical data from the agent's active instructions during ingestion.
- Capability inventory: The skill instructs the agent to spawn subagents and execute file system and version control commands (ls, grep, git, gh).
- Sanitization: The skill includes a specific directive to sanitize private context before generating any public output.
Audit Metadata