analyze-chat-session
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes the 'current chat context' or 'entire conversation,' which may contain untrusted data from previous tool outputs or user-provided content. This could allow malicious instructions embedded in that history to influence the analysis report.
  - Ingestion points: Conversation history is extracted as the primary input in SKILL.md (Phase 1).
  - Boundary markers: Absent. The instructions do not define specific delimiters to isolate the ingested conversation content from the analysis logic.
  - Capability inventory: The skill can propose updates to other skill files ('.claude/commands/*.md') and draft external reports (GitHub issues), which are sensitive downstream actions.
  - Sanitization: The skill contains detailed redaction rules for sensitive SAP technical and business data, but lacks sanitization or filtering for instructional text that might attempt to hijack the LLM's logic.
Audit Metadata