opencontext

Warn

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @aicontextlab/cli package from the NPM registry. This introduces an external dependency that is downloaded and executed on the host system. Evidence: npm install -g @aicontextlab/cli in SKILL.md.
  • [COMMAND_EXECUTION]: The skill performs various system operations using the oc CLI tool via the Bash capability. This includes initializing projects, managing folders/documents, and building search indices. Evidence: oc init, oc folder create, oc doc create, and oc index build commands in SKILL.md.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It retrieves and processes data from external documents stored in ~/.opencontext/contexts.
      • Ingestion points: Documents read via oc_search, oc_manifest, and oc_list_docs in SKILL.md.
      • Boundary markers: None identified; instructions do not include delimiters or warnings for processed context.
      • Capability inventory: The skill uses Bash, Write, Read, Grep, and Glob tools to manage and interact with context data.
      • Sanitization: No evidence of sanitization or validation of the content retrieved from documents before it is provided to the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 20, 2026, 03:26 AM