cmd-session-commit
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a preflight shell script (`scripts/preflight.sh`) that manages local file initialization and symlink creation. This is a routine setup operation.
- [COMMAND_EXECUTION]: The agent is instructed to run repository-specific validation or repair commands if they exist. This allows for customized project maintenance but relies on the integrity of the user's own scripts.
- [PROMPT_INJECTION]: The skill analyzes session history to propose documentation updates, which creates an indirect prompt injection surface.
  - Ingestion points: Session logs and repository files.
  - Boundary markers: The skill uses a structured change proposal format to delineate proposed edits.
  - Capability inventory: Bash, Write, Edit, Glob, and Grep tools.
  - Sanitization: The risk is mitigated by a mandatory requirement for explicit user approval before any changes are applied to the filesystem.
Audit Metadata