recall
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script, context-path.sh, to resolve environment variables and file paths. This script invokes a secondary script via a relative path (../remember/context-path.sh), which is a common practice for shared logic in skill collections and is considered a vendor-owned resource.
- [DATA_EXPOSURE]: The skill reads and displays content from the .context/ and .rulesync/ directories. These files contain project-specific context and rules intended to be shared with the agent for session resumption.
- [INDIRECT_PROMPT_INJECTION]: The skill reads external file content, which serves as a potential vector for indirect prompt injection.
  - Ingestion points: Content is loaded from the .context/ and .rulesync/ directories.
  - Boundary markers: The skill uses markdown dividers and headers to structure the loaded content.
  - Capability inventory: The skill is capable of executing local bash scripts and reading file contents from the workspace.
  - Sanitization: The skill does not perform specific sanitization of the file content before presentation to the agent.
Audit Metadata