night-park
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it summarizes conversation history—which may contain untrusted data from external sources analyzed during the session—and persists it into project files and memory tools that are indexed by future sessions.\n
- Ingestion points: Analyzes the active conversation history (referenced in Step 3 and Step 10 of SKILL.md).\n
- Boundary markers: None. The content is written directly into structured Markdown sections without delimiters or 'ignore' warnings for the summarized content.\n
- Capability inventory: File-write access to the project root (
docs/handoffs/), memory persistence viamem_save, and session recording viamem_session_summary.\n - Sanitization: None. The agent is instructed to write substantive summaries based on the conversation without validation or escaping of the ingested text.\n- [COMMAND_EXECUTION]: The skill executes a shell command to retrieve necessary system state.\n
- Evidence: Step 1 uses
echo "$CLAUDE_CODE_SESSION_ID"to fetch the current session identifier for inclusion in the handoff document and resume instructions.
Audit Metadata