ce-sessions
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses dynamic context injection via the
!git rev-parsecommand to identify the active Git branch. This command runs locally to provide context for the session history search and does not involve network access or sensitive file modification.- [PROMPT_INJECTION]: The skill processes user questions about session history, creating an indirect prompt injection surface. - Ingestion points: User input from the command argument or interactive prompts is passed to the
ce-session-historiansub-agent. - Boundary markers: None identified; the user's question is interpolated directly into the task prompt for the sub-agent.
- Capability inventory: The skill dispatches tasks to another agent and uses standard user-interaction tools.
- Sanitization: The skill explicitly instructs the agent to avoid passing literal command strings, which provides a basic level of protection against certain injection patterns, though no structural sanitization (like escaping) is implemented.
Audit Metadata