cosense
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill relies on `bunx cosense`, which downloads and executes the `cosense` package from the npm registry at runtime.
- [COMMAND_EXECUTION]: The skill operates by executing shell commands via the `bunx` runner to interact with the Cosense service for fetching, searching, and creating wiki pages.
- [CREDENTIALS_UNSAFE]: Authentication is performed using a session ID (`connect.sid`). The skill documentation instructs users to set this token via command-line arguments (e.g., `bunx cosense profile set personal --sid <connect.sid>`), which can expose the secret in shell history and process monitoring tools.
- [PROMPT_INJECTION]: The skill retrieves arbitrary text content from external wiki pages, creating a surface for indirect prompt injection where malicious instructions could influence the agent's behavior.
  - Ingestion points: The `page get`, `page search`, and `export` commands fetch content from the external Cosense service into the agent's context.
  - Boundary markers: No explicit delimiters or instructions are used to separate external wiki content from the agent's internal logic.
  - Capability inventory: The skill possesses the ability to execute shell commands and modify wiki content based on the data it processes.
  - Sanitization: No sanitization or validation mechanisms are described for the content retrieved from external sources.
Audit Metadata