agent-transcript

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]:
  • Ingestion points: The scripts/agent-transcript script reads local .jsonl session logs from multiple agent platforms (Codex, Claude, Pi, OpenClaw) via the find and render commands.
  • Boundary markers: The skill uses explicit <!-- agent-transcript:start --> and <!-- agent-transcript:end --> markers to delimit the transcript section in GitHub PR/issue bodies.
  • Capability inventory: The skill uses node:fs for local file access and node:child_process.spawn to interface with the local codex app-server. It also suggests using the open command for local HTML previews.
  • Sanitization: Implements an extensive redaction engine using regular expressions to remove secrets (API keys, tokens, emails), local paths, and auth headers. It also truncates long entries and drops raw tool outputs and system prompts to minimize the risk of malicious content being propagated.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill processes local agent logs which may contain sensitive data. To mitigate exposure, the agent-transcript script implements an extensive redaction engine and includes an unsafe check that fails the render if sensitive patterns persist after processing. No network exfiltration was detected; all operations are local-only, and the skill requires human confirmation and local previews before adding data to public bodies.
  • [COMMAND_EXECUTION]: The script uses node:child_process.spawn to interface with a local codex app-server. The command (codex) and arguments are fixed, and no user-supplied input is interpolated into the shell command, which prevents common command injection vectors.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:48 AM
Security Audit — agent-trust-hub — agent-transcript