session-management

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE (PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection (Category 8) due to its core functionality of processing external data.
      • Ingestion points: The skill ingests untrusted data from the local project environment using tools like Read, Grep, Glob, and TodoRead as specified in references/load.md and references/reflect.md.
      • Boundary markers: While the skill utilizes personas (e.g., quality-engineer, knowledge-engineer) to provide cognitive framing, it lacks explicit boundary markers or instructions to treat ingested file content as untrusted data.
      • Capability inventory: The agent possesses significant capabilities, including filesystem write access via Write and TodoWrite, and memory management operations through the Codanna MCP interface (write_memory, read_memory).
      • Sanitization: There is no evidence of sanitization or escaping of the content read from the project before it is passed to reflection tools like think_about_collected_information or summarized for session persistence.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 05:13 PM