agent-transcript
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: The
scripts/agent-transcriptscript reads local.jsonlsession logs from multiple agent platforms (Codex, Claude, Pi, OpenClaw) via thefindandrendercommands. - Boundary markers: The skill uses explicit
<!-- agent-transcript:start -->and<!-- agent-transcript:end -->markers to delimit the transcript section in GitHub PR/issue bodies. - Capability inventory: The skill uses
node:fsfor local file access andnode:child_process.spawnto interface with the localcodexapp-server. It also suggests using theopencommand for local HTML previews. - Sanitization: Implements an extensive redaction engine using regular expressions to remove secrets (API keys, tokens, emails), local paths, and auth headers. It also truncates long entries and drops raw tool outputs and system prompts to minimize the risk of malicious content being propagated.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill processes local agent logs which may contain sensitive data. To mitigate exposure, the
agent-transcriptscript implements an extensive redaction engine and includes anunsafecheck that fails the render if sensitive patterns persist after processing. No network exfiltration was detected; all operations are local-only, and the skill requires human confirmation and local previews before adding data to public bodies. - [COMMAND_EXECUTION]: The script uses
node:child_process.spawnto interface with a localcodexapp-server. The command (codex) and arguments are fixed, and no user-supplied input is interpolated into the shell command, which prevents common command injection vectors.
Audit Metadata