opencontext

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of an external CLI tool via the command npm install -g @aicontextlab/cli or via npx. This package is hosted on the public NPM registry and is not part of the provided trusted vendors list.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute various CLI commands (oc init, oc folder, oc doc, oc search, etc.) and to modify configuration files in IDE-specific directories such as ~/.cursor/mcp.json and ~/.claude/commands.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by retrieving and processing external data from the file system to serve as context for the agent.
  • Ingestion points: Data is ingested from document files stored in ~/.opencontext/contexts and from the local repository via tools like oc_search, oc_list_docs, and oc_manifest.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands were found in the skill's provided workflows.
  • Capability inventory: The agent has access to Bash, Write, Read, Grep, and Glob tools, which could be leveraged if it follows malicious instructions embedded in the retrieved context.
  • Sanitization: There is no evidence of sanitization or content filtering for the data retrieved from the OpenContext store before it is presented to the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 12:43 PM