skills/ngmeyer/skills/session-close/Gen Agent Trust Hub

session-close

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill represents an indirect injection surface as it ingests untrusted data from conversation history and git logs to reconcile state.
  • Ingestion points: Current conversation context (Phase 1/3) and local git log/status history (Phase 1).
  • Boundary markers: Phase 5 enforces a hard requirement for a diff preview and explicit user approval ("Do not write files without showing the user what will change").
  • Capability inventory: The skill uses Read, Write, Edit, and Bash (local git log/status) to manage project-specific memory files located in ~/.claude/projects/.
  • Sanitization: Implements a "three-gate filter" (Durability, Specificity, Retrieval) and structured merge strategies (REPLACE, MERGE-LIST, PRESERVE) to control how data is integrated.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses project-related metadata and memory files in the ~/.claude/ directory. This is consistent with its stated purpose of project state reconciliation. The instructions explicitly forbid remote calls, fetching from git remotes, or making network requests.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 11:36 AM