opencontext
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the OpenContext CLI package `@aicontextlab/cli` from the NPM registry. This downloads and installs third-party software required for the skill's functionality.
- [COMMAND_EXECUTION]: The skill utilizes the `Bash` tool to run various `oc` (OpenContext) commands for initialization (`oc init`), configuration (`oc config`), and database indexing (`oc index build`). These operations interact with the local file system, specifically creating and managing files within the `~/.opencontext` directory.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it ingests and processes document content through its search and manifest features. If documents stored in the OpenContext database contain adversarial instructions, they could influence agent behavior when retrieved during a session.
  - Ingestion points: External data is ingested via `oc search` and `oc_manifest` commands from documents stored in the `~/.opencontext/contexts` directory.
  - Boundary markers: The skill does not explicitly define delimiters or instructions to ignore embedded commands within the retrieved context.
  - Capability inventory: The skill possesses the capability to execute shell commands (`Bash`), read files (`Read`), and write to the file system (`Write`).
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the persistent storage before it is provided to the agent context.
Audit Metadata