chronicle
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- Data Access Patterns: The skill reads session history including chat messages, file paths, and PR references. This access is necessary for providing summaries and performance tips and is managed through the internal copilot_sessionStoreSql tool.
- Indirect Prompt Injection Surface: Because the skill processes historical user messages from the turns table to generate reports, there is a potential surface for indirect instructions if past chat data contains adversarial content.
  - Ingestion points: Data enters the context via the copilot_sessionStoreSql tool output (turns and checkpoints tables).
  - Boundary markers: The instructions do not specify explicit delimiters for the retrieved historical text.
  - Capability inventory: The skill can execute read-only SQL queries and output formatted text reports to the user.
  - Sanitization: There is no mention of sanitizing or filtering historical message content before analysis.
- Administrative Workflows: The skill includes maintenance workflows like reindexing. These use system settings and authenticated tools associated with the user's development environment. For data deletion, the skill intentionally guides the user to a manual command, providing a safeguard against accidental history removal.
Audit Metadata