session-wrap-up

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Analysis of repository state using Git.
  • The skill instructions (SKILL.md, Step 3) direct the agent to execute git log, git status, and git diff. These are standard, non-privileged commands used to provide context for the wrap-up process.- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
  • The skill's primary purpose is to aggregate information from potentially untrusted sources (conversation history and existing project files) and promote that information into durable agent instructions (AGENTS.md, CLAUDE.md, etc.).
  • Ingestion points: The skill reads the recent conversation history (SKILL.md, Step 2) and scans project-specific files like CLAUDE.md and AGENTS.md (SKILL.md, Step 4).
  • Boundary markers: Absent. There are no instructions for the agent to use clear delimiters or 'ignore' commands when processing text from the session context.
  • Capability inventory: The agent has the capability to write to any file in the workspace and execute shell commands (git).
  • Sanitization: Absent. The skill relies on the agent's 'validation' step (Step 7) but does not provide specific criteria or patterns to detect and filter out adversarial instructions embedded in the session data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 02:04 PM
Security Audit — agent-trust-hub — session-wrap-up