night-park

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it summarizes conversation history—which may contain untrusted data from external sources analyzed during the session—and persists it into project files and memory tools that are indexed by future sessions.\n
  • Ingestion points: Analyzes the active conversation history (referenced in Step 3 and Step 10 of SKILL.md).\n
  • Boundary markers: None. The content is written directly into structured Markdown sections without delimiters or 'ignore' warnings for the summarized content.\n
  • Capability inventory: File-write access to the project root (docs/handoffs/), memory persistence via mem_save, and session recording via mem_session_summary.\n
  • Sanitization: None. The agent is instructed to write substantive summaries based on the conversation without validation or escaping of the ingested text.\n- [COMMAND_EXECUTION]: The skill executes a shell command to retrieve necessary system state.\n
  • Evidence: Step 1 uses echo "$CLAUDE_CODE_SESSION_ID" to fetch the current session identifier for inclusion in the handoff document and resume instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 08:40 AM
Security Audit — agent-trust-hub — night-park