distill-session
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [NO_CODE]: The entire skill is comprised of markdown documentation, instructional phases, and prompt templates. There are no executable files (e.g., .py, .js, .sh) or scripts included in the package.
- [SAFE]: The skill operates by saving and reading session logs in a dedicated local directory (`.omc/distill-sessions/`). It does not attempt to access sensitive system files (such as `.ssh`, `.aws`, or `.env`), nor does it include commands for network exfiltration like `curl` or `wget`.
- [PROMPT_INJECTION]: The skill facilitates the analysis of external data (previous model outputs) which constitutes an indirect prompt injection surface.
  - Ingestion points: Untrusted data enters the context when the user or agent pastes model outputs into files within `.omc/distill-sessions/` for analysis in Phase 1 and Phase 2.
  - Boundary markers: The instructions use structured markdown headers and explicit XML-style tags (`<extraction>`) to separate the data being analyzed from the reasoning instructions.
  - Capability inventory: The skill itself provides no automation or executable capabilities (e.g., no subprocess calls, network access, or `eval` functions), relying entirely on the host agent's native reasoning abilities.
  - Sanitization: No specific sanitization or filtering is prescribed for the ingested data, but the lack of executable capabilities mitigates the risk of instructions in the data being inadvertently executed.
Audit Metadata